From free10pro at gmail.com Fri Apr 1 04:34:12 2016
From: free10pro at gmail.com (Paul R. Ramer)
Date: Thu, 31 Mar 2016 19:34:12 -0700
Subject: [Announce] GnuPG 2.0.29 released
In-Reply-To: <871t6qj3yv.fsf@wheatstone.g10code.de>
References: <871t6qj3yv.fsf@wheatstone.g10code.de>
Message-ID: <56FDDE24.1030406@gmail.com>
On 03/31/2016 04:12 AM, Werner Koch wrote:
> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG-2.0
> release: Version 2.0.30. This is a maintenance release which fixes a
> couple of bugs.
The subject line is about v2.0.29 instead of v2.0.30. Just FYI.
-Paul
From mick.crane at gmail.com Fri Apr 1 04:05:18 2016
From: mick.crane at gmail.com (mick crane)
Date: Fri, 01 Apr 2016 03:05:18 +0100
Subject: where is gnupg configure file
Message-ID: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
hello,
I made a key pair a couple of years ago but I never used them.
Now I try to make new Debian email server ( just for me ) all nice and
tidy.
there is enigma plugin for roundmail.
I imported my private and public keys and they seem to be in the keyring
as
"gnupg -K --list-secret-keys" lists the secret keys
but ~/.gnupg/private-keys-v1.d directory is empty.
Using enigma it doesn't seem able to find the keys.
First what I would like to do is find a configure file for gnupg ?
cheers
mick
--
key ID: 0x4BFEBB31
From dashohoxha at gmail.com Fri Apr 1 05:35:16 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Fri, 1 Apr 2016 05:35:16 +0200
Subject: where is gnupg configure file
In-Reply-To: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
Message-ID:
On Fri, Apr 1, 2016 at 4:05 AM, mick crane wrote:
>
> First what I would like to do is find a configure file for gnupg ?
>
Did you check ~/.gnupg/gpg.conf ?
If it does not exist just create it.
From mick.crane at gmail.com Fri Apr 1 05:52:21 2016
From: mick.crane at gmail.com (mick crane)
Date: Fri, 01 Apr 2016 04:52:21 +0100
Subject: where is gnupg configure file
In-Reply-To:
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
Message-ID: <1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
On 2016-04-01 04:35, Dashamir Hoxha wrote:
> On Fri, Apr 1, 2016 at 4:05 AM, mick crane
> wrote:
>
>> First what I would like to do is find a configure file for gnupg ?
>
> Did you check ~/.gnupg/gpg.conf ?
> If it does not exist just create it.
Ah OK, so there is no other config file somewhere with pristine install
( Debian)
Is there any point me exporting private keys and putting them in
private-keys-v1.d directory ?
--
key ID: 0x4BFEBB31
From viktordick86 at gmail.com Fri Apr 1 07:49:59 2016
From: viktordick86 at gmail.com (Viktor Dick)
Date: Fri, 1 Apr 2016 07:49:59 +0200
Subject: where is gnupg configure file
In-Reply-To: <1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
<1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
Message-ID: <56FE0C07.7010609@gmail.com>
Are you sure that you are using gpg2? private-keys-v1.d only contains
private keys for gpg2. gpg1 stores them in ~/.gnupg/secring.gpg or
something like that. If enigmail uses gpg2 and you created your key with
gpg1, they will not see the same keys. '--version' is your friend.
IIRC, using the key with gpg2 will import it from gpg1. There was a nice
online FAQ entry or something alike where the process is described, but
I can't find it at the moment.
Regards,
Viktor
From mick.crane at gmail.com Fri Apr 1 10:21:22 2016
From: mick.crane at gmail.com (mick crane)
Date: Fri, 01 Apr 2016 09:21:22 +0100
Subject: where is gnupg configure file
In-Reply-To: <56FE0C07.7010609@gmail.com>
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
<1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
<56FE0C07.7010609@gmail.com>
Message-ID: <5f16c728c9c4962217428c13d2d62ec5@rapunzel.local>
On 2016-04-01 06:49, Viktor Dick wrote:
> Are you sure that you are using gpg2? private-keys-v1.d only contains
> private keys for gpg2. gpg1 stores them in ~/.gnupg/secring.gpg or
> something like that. If enigmail uses gpg2 and you created your key
> with
> gpg1, they will not see the same keys. '--version' is your friend.
>
> IIRC, using the key with gpg2 will import it from gpg1. There was a
> nice
> online FAQ entry or something alike where the process is described, but
> I can't find it at the moment.
>
> Regards,
> Viktor
version is 1.4.18
from what I read I don't think I can use gpg2 because
Debian GNU/Linux 8 (jessie)apt uses gpg1 at present.
I'm certain private-keys-v1.d was there before I attempted to use
enigma/roundcube.
there is this but I do not know if that is everything required for gpg2
mick@rapunzel:~$ locate gpg2
/usr/bin/gpg2
/usr/lib/gnupg2/gpg2keys_curl
/usr/lib/gnupg2/gpg2keys_finger
/usr/lib/gnupg2/gpg2keys_hkp
/usr/lib/gnupg2/gpg2keys_ldap
/usr/share/bash-completion/completions/gpg2
/usr/share/man/man1/gpg2.1.gz
I have asked on roundcube list.
--
key ID: 0x4BFEBB31
From wk at gnupg.org Fri Apr 1 10:33:53 2016
From: wk at gnupg.org (Werner Koch)
Date: Fri, 01 Apr 2016 10:33:53 +0200
Subject: [Announce] GnuPG 2.0.29 released
In-Reply-To: <56FDDE24.1030406@gmail.com> (Paul R. Ramer's message of "Thu, 31
Mar 2016 19:34:12 -0700")
References: <871t6qj3yv.fsf@wheatstone.g10code.de> <56FDDE24.1030406@gmail.com>
Message-ID: <87wpohg232.fsf@wheatstone.g10code.de>
On Fri, 1 Apr 2016 04:34, free10pro at gmail.com said:
> The subject line is about v2.0.29 instead of v2.0.30. Just FYI.
Yeah, I know. Sorry.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From wk at gnupg.org Fri Apr 1 10:35:59 2016
From: wk at gnupg.org (Werner Koch)
Date: Fri, 01 Apr 2016 10:35:59 +0200
Subject: where is gnupg configure file
In-Reply-To: <56FE0C07.7010609@gmail.com> (Viktor Dick's message of "Fri, 1
Apr 2016 07:49:59 +0200")
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
<1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
<56FE0C07.7010609@gmail.com>
Message-ID: <87shz5g1zk.fsf@wheatstone.g10code.de>
On Fri, 1 Apr 2016 07:49, viktordick86 at gmail.com said:
> Are you sure that you are using gpg2? private-keys-v1.d only contains
> private keys for gpg2. gpg1 stores them in ~/.gnupg/secring.gpg or
Actually only GnuPG 2.1 ("modern") uses private-keys-v1.d/ for OpenPGP.
2.0 uses that directory only for S/MIME keys (with the gpgsm tool).
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From peter at digitalbrains.com Fri Apr 1 12:45:29 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 1 Apr 2016 12:45:29 +0200
Subject: What am I missing? (Again)
In-Reply-To: <56FD63DC.8000909@digitalbrains.com>
References:
<56FC8032.1040403@mail.ru> <56FCD794.1070505@vulcan.xs4all.nl>
<56FD63DC.8000909@digitalbrains.com>
Message-ID: <56FE5149.8020306@digitalbrains.com>
On 31/03/16 19:52, Peter Lebbing wrote:
> (offline attack). 10 bits of entropy, seriously.... (PIN consisting of 4 decimal
> numbers taken as example, I don't know what Apple uses)
10^3 != 10^4.
10^4 is approximately 2^13, so 13 bits of entropy.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From free10pro at gmail.com Fri Apr 1 18:52:26 2016
From: free10pro at gmail.com (Paul R. Ramer)
Date: Fri, 1 Apr 2016 09:52:26 -0700
Subject: where is gnupg configure file
In-Reply-To: <5f16c728c9c4962217428c13d2d62ec5@rapunzel.local>
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
<1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
<56FE0C07.7010609@gmail.com>
<5f16c728c9c4962217428c13d2d62ec5@rapunzel.local>
Message-ID: <56FEA74A.7030608@gmail.com>
On 04/01/2016 01:21 AM, mick crane wrote:
> from what I read I don't think I can use gpg2 because
> Debian GNU/Linux 8 (jessie)apt uses gpg1 at present.
> I'm certain private-keys-v1.d was there before I attempted to use
> enigma/roundcube.
Debian has a package for GnuPG 2, which is gnupg2. If it is not
installed you can install it.
> there is this but I do not know if that is everything required for gpg2
>
> mick@rapunzel:~$ locate gpg2
> /usr/bin/gpg2
> /usr/lib/gnupg2/gpg2keys_curl
> /usr/lib/gnupg2/gpg2keys_finger
> /usr/lib/gnupg2/gpg2keys_hkp
> /usr/lib/gnupg2/gpg2keys_ldap
> /usr/share/bash-completion/completions/gpg2
> /usr/share/man/man1/gpg2.1.gz
This should mean that you have the gnupg2 package installed, which is
all you need to run gpg2. You can confirm that the gnupg2 package is
installed by running the following:
dpkg-query --list gnupg2
Cheers,
-Paul
From peter at digitalbrains.com Fri Apr 1 19:21:53 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Fri, 1 Apr 2016 19:21:53 +0200
Subject: where is gnupg configure file
In-Reply-To: <5f16c728c9c4962217428c13d2d62ec5@rapunzel.local>
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
<1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
<56FE0C07.7010609@gmail.com>
<5f16c728c9c4962217428c13d2d62ec5@rapunzel.local>
Message-ID: <56FEAE31.5040608@digitalbrains.com>
On 01/04/16 10:21, mick crane wrote:
> from what I read I don't think I can use gpg2 because
> Debian GNU/Linux 8 (jessie)apt uses gpg1 at present.
GnuPG 1.4 and GnuPG 2.x are co-installable, they can function
side-by-side. If you take the Jessie GnuPG 2.0 package, you get 2.0,
which will use the same key storage as 1.4.
GnuPG 1.4.12 (with backported fixes from later releases) is in package
gnupg, and the binary is called gpg. GnuPG 2.0.26 with backports is in
package gnupg2, and the binary is called gpg2. You appear to have both
installed.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From eva.milou at gmail.com Fri Apr 1 17:03:41 2016
From: eva.milou at gmail.com (Eva Bouwman (renee))
Date: Fri, 01 Apr 2016 17:03:41 +0200
Subject: Translate to dutch
Message-ID: <11229761.4pRxggyFSz@renee-hpmk>
hi,
No idea how to reach the one able to answer my question, it is not my
intention to post to the mailing list, but I have no idea how to get in
contact otherwise.
I recently started using KDE-mint and right now I am reading about
implementing safety to my system.
I think it is important to share your knowledge with "average-pc-users" in
what you are doing and why. That's why I thought while I am reading your
documents I can start to translate them into Dutch, is this something you
would like to receive?
I got inspired with my parents in mind, reading and understanding English
is a big issue for them and I would like to start documenting an easy to
understand start-up document, which explains why and how its working with a
how to implement. Is there any preference from your point of view in where
to start, what document you would like to be translated?
Please let me know, I am not able to support you financially but this is
something I can do, to share the importance of your knowledge and
application to the Dutch understanding online.
Kind regards,
Eva Bouwman
From dashohoxha at gmail.com Fri Apr 1 23:57:07 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Fri, 1 Apr 2016 23:57:07 +0200
Subject: Translate to dutch
In-Reply-To: <11229761.4pRxggyFSz@renee-hpmk>
References: <11229761.4pRxggyFSz@renee-hpmk>
Message-ID:
Hi Eva,
Would you consider using this easy tool: https://github.com/dashohoxha/egpg
?
I am not sure how easy it is, but the intention is for beginners.
I would love some feedback from some Dutch parent average-pc-users
(if you can write a suitable doc for them).
This is not a direct answer to your question, sorry for that.
Regards,
Dashamir
On Fri, Apr 1, 2016 at 5:03 PM, Eva Bouwman (renee)
wrote:
> hi,
>
> No idea how to reach the one able to answer my question, it is not my
> intention to post to the mailing list, but I have no idea how to get in
> contact otherwise.
> I recently started using KDE-mint and right now I am reading about
> implementing safety to my system.
>
> I think it is important to share your knowledge with "average-pc-users" in
> what you are doing and why. That's why I thought while I am reading your
> documents I can start to translate them into Dutch, is this something you
> would like to receive?
>
> I got inspired with my parents in mind, reading and understanding English
> is a big issue for them and I would like to start documenting an easy to
> understand start-up document, which explains why and how its working with a
> how to implement. Is there any preference from your point of view in where
> to start, what document you would like to be translated?
>
> Please let me know, I am not able to support you financially but this is
> something I can do, to share the importance of your knowledge and
> application to the Dutch understanding online.
>
> Kind regards,
> Eva Bouwman
From rjh at sixdemonbag.org Sat Apr 2 00:36:39 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 1 Apr 2016 18:36:39 -0400
Subject: Translate to dutch
In-Reply-To: <11229761.4pRxggyFSz@renee-hpmk>
References: <11229761.4pRxggyFSz@renee-hpmk>
Message-ID: <56FEF7F7.5060506@sixdemonbag.org>
Eva --
We have a Russian translation for the GnuPG FAQ, but not a Dutch. If
you'd care to contribute one, I'd love to link to it from the main FAQ. :)
From jhs at berklix.com Sat Apr 2 00:33:59 2016
From: jhs at berklix.com (Julian H. Stacey)
Date: Sat, 02 Apr 2016 00:33:59 +0200
Subject: Translate to dutch
In-Reply-To: Your message "Fri, 01 Apr 2016 23:57:07 +0200."
Message-ID: <201604012234.u31MXxGD054334@fire.js.berklix.net>
Hi, Reference:
> From: Dashamir Hoxha
> Date: Fri, 1 Apr 2016 23:57:07 +0200
Dashamir Hoxha wrote:
> Hi Eva,
>
> Would you consider using this easy tool: https://github.com/dashohoxha/egpg
> ?
> I am not sure how easy it is, but the intention is for beginners.
> I would love some feedback from some Dutch parent average-pc-users
> (if you can write a suitable doc for them).
>
> This is not a direct answer to your question, sorry for that.
>
> Regards,
> Dashamir
>
> On Fri, Apr 1, 2016 at 5:03 PM, Eva Bouwman (renee)
> wrote:
>
> > hi,
> >
> > No idea how to reach the one able to answer my question, it is not my
> > intention to post to the mailing list, but I have no idea how to get in
> > contact otherwise.
> > I recently started using KDE-mint and right now I am reading about
> > implementing safety to my system.
> >
> > I think it is important to share your knowledge with "average-pc-users" in
> > what you are doing and why. That's why I thought while I am reading your
> > documents I can start to translate them into Dutch, is this something you
> > would like to receive?
> >
> > I got inspired with my parents in mind, reading and understanding English
> > is a big issue for them and I would like to start documenting an easy to
> > understand start-up document, which explains why and how its working with a
> > how to implement. Is there any preference from your point of view in where
> > to start, what document you would like to be translated?
> >
> > Please let me know, I am not able to support you financially but this is
> > something I can do, to share the importance of your knowledge and
> > application to the Dutch understanding online.
> >
> > Kind regards,
> > Eva Bouwman
Some other people are interested in translating & discussing translator tools
for various PD/ free source software including eg:
http://www.freebsd.org/community/mailinglists.html
http://lists.freebsd.org/mailman/listinfo/freebsd-translators
Dutch -- majordomo at nl.FreeBSD.org
http://www.freebsd.org/nl/
& I guess there may be similar for linux communities.
& as gpg runs on various bsd & linux etc, any work done on translating generic
gpg to Dutch could be available via OS dependent ports wrappers,
in case of freebsd:
http://www.freebsd.org/cgi/ports.cgi?query=gnupg&stype=all
http://svnweb.freebsd.org/ports/head/security/gnupg/
& I assume linux has similar.
Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich http://berklix.eu/jhs/
Mail plain text, No quoted-printable, HTML, base64, MS.doc.
Prefix old lines '> ' Reply below old, like play script. Break lines by 80.
Let Brits in EU vote on Brexit https://petition.parliament.uk/petitions/112142
From mick.crane at gmail.com Sat Apr 2 02:06:18 2016
From: mick.crane at gmail.com (mick crane)
Date: Sat, 02 Apr 2016 01:06:18 +0100
Subject: where is gnupg configure file
In-Reply-To: <56FEAE31.5040608@digitalbrains.com>
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
<1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
<56FE0C07.7010609@gmail.com>
<5f16c728c9c4962217428c13d2d62ec5@rapunzel.local>
<56FEAE31.5040608@digitalbrains.com>
Message-ID:
On 2016-04-01 18:21, Peter Lebbing wrote:
> On 01/04/16 10:21, mick crane wrote:
>> from what I read I don't think I can use gpg2 because
>> Debian GNU/Linux 8 (jessie)apt uses gpg1 at present.
>
> GnuPG 1.4 and GnuPG 2.x are co-installable, they can function
> side-by-side. If you take the Jessie GnuPG 2.0 package, you get 2.0,
> which will use the same key storage as 1.4.
>
> GnuPG 1.4.12 (with backported fixes from later releases) is in package
> gnupg, and the binary is called gpg. GnuPG 2.0.26 with backports is in
> package gnupg2, and the binary is called gpg2. You appear to have both
> installed.
is clearer I think but issue is does jessie apt work with gpg being gpg2
?
I can just try but I spent best part of a week making my new server
thingy as I would like it and I don't want to change something without
knowing what I am doing.
--
key ID: 0x4BFEBB31
From ineiev at gnu.org Sat Apr 2 06:27:03 2016
From: ineiev at gnu.org (Ineiev)
Date: Sat, 2 Apr 2016 00:27:03 -0400
Subject: Translate to dutch
In-Reply-To: <201604012234.u31MXxGD054334@fire.js.berklix.net>
References:
<201604012234.u31MXxGD054334@fire.js.berklix.net>
Message-ID: <20160402042703.GA24255@gnu.org>
On Sat, Apr 02, 2016 at 12:33:59AM +0200, Julian H. Stacey wrote:
> & as gpg runs on various bsd & linux etc, any work done on translating generic
> gpg to Dutch could be available via OS dependent ports wrappers,
> in case of freebsd:
> http://www.freebsd.org/cgi/ports.cgi?query=gnupg&stype=all
> http://svnweb.freebsd.org/ports/head/security/gnupg/
> & I assume linux has similar.
I wonder why to do the same work multiple times (once for every OS)
rather than to maintain a single translation upstream.
From jhs at berklix.com Sat Apr 2 10:55:25 2016
From: jhs at berklix.com (Julian H. Stacey)
Date: Sat, 02 Apr 2016 10:55:25 +0200
Subject: Translate to dutch
In-Reply-To: Your message "Sat, 02 Apr 2016 09:55:05 +0200."
<2651540.MI23aX0vUX@renee-hpmk>
Message-ID: <201604020855.u328tPrX058447@fire.js.berklix.net>
Hi, Reference:
> From: Eva Bouwman
> Date: Sat, 02 Apr 2016 09:55:05 +0200
Eva Bouwman wrote:
> I will start where Dashamir suggested , I will also try to connect to the
> Dutch community regarding translating.
>
> Personally I tend to agree with Julian. My idea was not to write an OS
> dependent document, in my opinion the target audience will be narrowed down. I
Yes, language docu. for all OS's is best in one generic gpg source.
Just thought I'd give links to some translations tools & forums, &
mention OSs will have variegated ways of making/ wrapping gpg into
their own extended OS, along with 20 or 30 thousand other ported
packages (25,894 in case of http://www.freebsd.org/ports/ ) so
ideally ports inc. gpg might use/ be using standards that translators
forums might be aware of, eg top README.NL or README.HOLLAND or
README.DUTCH, whatever that might be a list of paths to more Dutch
docu. buried deeper in the generic gpg source tree ?
Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich http://berklix.eu/jhs/
Mail plain text, No quoted-printable, HTML, base64, MS.doc.
Prefix old lines '> ' Reply below old, like play script. Break lines by 80.
Let Brits in EU vote on Brexit https://petition.parliament.uk/petitions/112142
From peter at digitalbrains.com Sat Apr 2 12:42:31 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sat, 2 Apr 2016 12:42:31 +0200
Subject: where is gnupg configure file
In-Reply-To:
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
<1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
<56FE0C07.7010609@gmail.com>
<5f16c728c9c4962217428c13d2d62ec5@rapunzel.local>
<56FEAE31.5040608@digitalbrains.com>
Message-ID: <56FFA217.7040906@digitalbrains.com>
On 02/04/16 02:06, mick crane wrote:
> is clearer I think but issue is does jessie apt work with gpg being gpg2 ?
apt will not ever use gpg2. On a normal Debian system, GnuPG 1.4 is
always installed. However, you can install and have installed GnuPG 2.0,
which will just be an additional installed package. It will in no way
replace anything from the GnuPG 1.4 package.
When you type (just as an example)
$ gpg --version
you will be using GnuPG 1.4.
When you type
$ gpg2 --version
you will be using GnuPG 2.0.
To reiterate, apt will always use GnuPG 1.4 from the gnupg package (and
gpgv from the gpgv package). You can use GnuPG 2.0 by starting your
command line with gpg2 as the program name.
This is all for Debian jessie. In the next release, some things will change.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From mick.crane at gmail.com Sat Apr 2 18:25:36 2016
From: mick.crane at gmail.com (mick crane)
Date: Sat, 02 Apr 2016 17:25:36 +0100
Subject: where is gnupg configure file
In-Reply-To: <56FFA217.7040906@digitalbrains.com>
References: <9c00c947d0e3490186187126f3defd3f@rapunzel.local>
<1f1bafdc77673ad7a6462b08cf4085a8@rapunzel.local>
<56FE0C07.7010609@gmail.com>
<5f16c728c9c4962217428c13d2d62ec5@rapunzel.local>
<56FEAE31.5040608@digitalbrains.com>
<56FFA217.7040906@digitalbrains.com>
Message-ID: <8536d489d9936bda27bdbc38a9a98ff6@rapunzel.local>
On 2016-04-02 11:42, Peter Lebbing wrote:
> To reiterate, apt will always use GnuPG 1.4 from the gnupg package (and
> gpgv from the gpgv package). You can use GnuPG 2.0 by starting your
> command line with gpg2 as the program name.
>
> This is all for Debian jessie. In the next release, some things will
> change.
>
> HTH,
>
> Peter.
yes thanks
--
key ID: 0x4BFEBB31
From c.kremsmayr at gmx.net Sun Apr 3 11:22:47 2016
From: c.kremsmayr at gmx.net (Christine Kremsmayr)
Date: Sun, 3 Apr 2016 11:22:47 +0200
Subject: How to interprete the output of --export-ownertrust?
Message-ID: <5700E0E7.3080206@gmx.net>
Hi everyone,
with the command gpg2 --export-ownertrust I can cause GnuPG to display
the owner trust values of the public keys in my keyring.
The problem: I don't know how to interpret the numbers to the right of
the fingerprints:
-----
C:\Users\ckr>gpg2 --export-ownertrust
gpg: verwende Vertrauensmodell PGP
# Liste der zugewiesenen Trustwerte, erzeugt am 02/28/16 13:42:21
Mitteleuropäische Zeit
# ("gpg --import-ownertrust" um sie zu restaurieren)
356EE781EE3C34C00D605BD075B39FCADA0D42EF:3:
87441C8D5FA9D2D46F3CFE8FBD17F2430CE312D4:6:
B59D9B8DA5895CF837844F4EC440EB6B86F0B249:6:
C4C3767EFE9BF995431824EF6AD043812A4BF322:6:
3C41B1B124266AF139B902F24DC129B8831622ED:5:
-----
What is the meaning of 3? And of 6? Does anybody know what the possible
values are that can be displayed?
Is there a mapping between these numbers and the owner trust values like
"unknown", "marginal", "complete" and so on?
I know, the answer lies in the source code. But unfortunately I am not
able to read or understand source code.
Best regards Christine
From dashohoxha at gmail.com Sun Apr 3 13:30:19 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Sun, 3 Apr 2016 13:30:19 +0200
Subject: How to interprete the output of --export-ownertrust?
In-Reply-To: <5700E0E7.3080206@gmx.net>
References: <5700E0E7.3080206@gmx.net>
Message-ID:
On Sun, Apr 3, 2016 at 11:22 AM, Christine Kremsmayr
wrote:
> Hi everyone,
>
> with the command gpg2 --export-ownertrust I can cause GnuPG to display the
> owner trust values of the public keys in my keyring.
> The problem: I don't know how to interpret the numbers to the right of
> the fingerprints:
>
> -----
> C:\Users\ckr>gpg2 --export-ownertrust
> gpg: verwende Vertrauensmodell PGP
> # Liste der zugewiesenen Trustwerte, erzeugt am 02/28/16 13:42:21
> Mitteleuropäische Zeit
> # ("gpg --import-ownertrust" um sie zu restaurieren)
> 356EE781EE3C34C00D605BD075B39FCADA0D42EF:3:
> 87441C8D5FA9D2D46F3CFE8FBD17F2430CE312D4:6:
> B59D9B8DA5895CF837844F4EC440EB6B86F0B249:6:
> C4C3767EFE9BF995431824EF6AD043812A4BF322:6:
> 3C41B1B124266AF139B902F24DC129B8831622ED:5:
> -----
>
> What is the meaning of 3? And of 6? Does anybody know what the possible
> values are that can be displayed?
>
> Is there a mapping between these numbers and the owner trust values like
> "unknown", "marginal", "complete" and so on?
> I know, the answer lies in the source code. But unfortunately I am not
> able to read or understand source code.
>
The mapping is this (as far as I know):
4->full, 3->marginal, 2->none, 1->unknown
I am not sure where did I find this, but surely not from the source code.
From peter at digitalbrains.com Sun Apr 3 13:56:57 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 3 Apr 2016 13:56:57 +0200
Subject: How to interprete the output of --export-ownertrust?
In-Reply-To:
References: <5700E0E7.3080206@gmx.net>
Message-ID: <57010509.9090702@digitalbrains.com>
On 03/04/16 13:30, Dashamir Hoxha wrote:
> The mapping is this (as far as I know):
> 4->full, 3->marginal, 2->none, 1->unknown
Nope, that's just how you enter them in the dialog:
> Please decide how far you trust this user to correctly verify other users' keys
> (by looking at passports, checking fingerprints from different sources, etc.)
>
> 1 = I don't know or won't say
> 2 = I do NOT trust
> 3 = I trust marginally
> 4 = I trust fully
> 5 = I trust ultimately
> m = back to the main menu
>
> Your decision?
I don't know what the numbers in a trust database export mean; at the
very least, they seem to be one higher than the choices in the dialog
(note there are 6's in the output. On a quick check, this corresponded
to an ultimately trusted key, and a 4 corresponded to a marginally
trusted key).
However; this is meant as a machine-readable format, not a
human-readable one. I would have expected it to be documented in
doc/DETAILS, but I didn't find it with two scans through the document.
gpg2 --edit-key is for human consumption, gpg2 --export-ownertrust is
for a later --import-ownertrust, not for human consumption.
Christine, what are you trying to accomplish? Why do you need this
output from --export-ownertrust?
Also, when you start a new topic, could you please post a fresh new
message to the mailing list, instead of replying to an unrelated post?
People who use threading mail readers see this thread as part of the
"where is gnupg configure file" thread. They might even miss your
message altogether when they're not interested in that topic and ignore
any further messages in that thread.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From wk at gnupg.org Mon Apr 4 09:16:33 2016
From: wk at gnupg.org (Werner Koch)
Date: Mon, 04 Apr 2016 09:16:33 +0200
Subject: How to interprete the output of --export-ownertrust?
In-Reply-To: <57010509.9090702@digitalbrains.com> (Peter Lebbing's message of
"Sun, 3 Apr 2016 13:56:57 +0200")
References: <5700E0E7.3080206@gmx.net>
<57010509.9090702@digitalbrains.com>
Message-ID: <87pou5c08e.fsf@wheatstone.g10code.de>
On Sun, 3 Apr 2016 13:56, peter at digitalbrains.com said:
> gpg2 --edit-key is for human consumption, gpg2 --export-ownertrust is
> for a later --import-ownertrust, not for human consumption.
Exactly - it does not constitute an open API; the format is private to
gpg.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From peter at digitalbrains.com Mon Apr 4 10:58:20 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 4 Apr 2016 10:58:20 +0200
Subject: How to interprete the output of --export-ownertrust?
In-Reply-To: <57010509.9090702@digitalbrains.com>
References: <5700E0E7.3080206@gmx.net>
<57010509.9090702@digitalbrains.com>
Message-ID: <57022CAC.3050207@digitalbrains.com>
On 03/04/16 13:56, Peter Lebbing wrote:
> Also, when you start a new topic, could you please post a fresh new
> message to the mailing list, instead of replying to an unrelated post?
Two people mailed me to say they didn't think this had happened
(thanks!). They are right; sorry for my mistake.
For some unknown reason, /my/ mail reader thought it would be a good
idea to mix the threads, it was not Christine who did this. I have no
idea why, it's an odd bug. You can see what it looks like for me[1]. I
totally did not expect the problem to be on my side, but the mail was
clearly posted correctly. Again, my apologies to Christine.
Cheers,
Peter.
[1] http://digitalbrains.com/tmp/icedove-wrong-threading
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
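Added example (not part of any message in this thread, and not GnuPG code): a small reader for the --export-ownertrust lines quoted above, useful for auditing which keys a keyring trusts ultimately. The value-to-name table and the two bit masks are taken from the TRUST_* constants in GnuPG's source; as Werner notes, the format is private to gpg, so treat the mapping as an assumption that may change between versions.

```python
import re

# Ownertrust values as defined by GnuPG's internal TRUST_* constants
# (assumption: not a documented interface, may differ in other versions).
TRUST_MASK = 15            # low four bits carry the trust level
TRUST_FLAG_DISABLED = 128  # set when the key has been disabled
TRUST_LEVELS = {
    0: "unknown",
    1: "expired",
    2: "undefined",   # dialog choice 1: "I don't know or won't say"
    3: "never",       # dialog choice 2: "I do NOT trust"
    4: "marginal",    # dialog choice 3
    5: "full",        # dialog choice 4
    6: "ultimate",    # dialog choice 5
}

# One record per line: 40 hex digits (v4 fingerprint), value, trailing colon.
RECORD = re.compile(r"^([0-9A-Fa-f]{40}):(\d+):$")

# The export shown earlier in the thread (comment line re-joined).
SAMPLE = """\
gpg: verwende Vertrauensmodell PGP
# Liste der zugewiesenen Trustwerte, erzeugt am 02/28/16 13:42:21 Mitteleuropäische Zeit
# ("gpg --import-ownertrust" um sie zu restaurieren)
356EE781EE3C34C00D605BD075B39FCADA0D42EF:3:
87441C8D5FA9D2D46F3CFE8FBD17F2430CE312D4:6:
B59D9B8DA5895CF837844F4EC440EB6B86F0B249:6:
C4C3767EFE9BF995431824EF6AD043812A4BF322:6:
3C41B1B124266AF139B902F24DC129B8831622ED:5:
"""


def parse_ownertrust(text):
    """Return one dict per record; raise ValueError on a malformed line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, '#' comments, and gpg's own status lines.
        if not line or line.startswith("#") or line.startswith("gpg:"):
            continue
        match = RECORD.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: unexpected format: {line!r}")
        value = int(match.group(2))
        level = value & TRUST_MASK
        entries.append({
            "fingerprint": match.group(1).upper(),
            "raw": value,
            "level": TRUST_LEVELS.get(level, f"unrecognised({level})"),
            "disabled": bool(value & TRUST_FLAG_DISABLED),
        })
    return entries


def ultimately_trusted(entries):
    """Fingerprints whose ownertrust is 'ultimate' and that are not disabled."""
    return [e["fingerprint"] for e in entries
            if e["level"] == "ultimate" and not e["disabled"]]


if __name__ == "__main__":
    records = parse_ownertrust(SAMPLE)
    for rec in records:
        flag = " (disabled)" if rec["disabled"] else ""
        print(f'{rec["fingerprint"]}  {rec["raw"]:>3}  {rec["level"]}{flag}')
    print("ultimately trusted:", len(ultimately_trusted(records)))
```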
From c.kremsmayr at gmx.net Mon Apr 4 13:07:26 2016
From: c.kremsmayr at gmx.net (Christine Kremsmayr)
Date: Mon, 4 Apr 2016 13:07:26 +0200
Subject: Procedure of deriving a pruivate key from the password
Message-ID: <57024AEE.9040803@gmx.net>
I only have a vague and incomplete understanding of the procedure in
which GnuPG derives a private key from a password.
As far as I know each private key is stored in the private keyring by a
string-to-key-function.
The generation of the private key is as follows:
1. The user creates a password.
2. GnuPG adds an accidental bit sequence (= salt) to the password. The
bit sequence is stored separately from the password.
3. Password and Salt (bit sequence) are concatenated.
4. This concatenation is hashed by the hash function in use
(--s2k-digest-algo).
Steps 2 to 4 build up one iteration. I can control the number of
iterations by the option --s2k-count.
After the last iteration the resulting hash value is mangled. The result
of this mangling process is the private key.
Question 1: What exactly is "mangling"?
Question 2: Did I get a correct understanding of the key derivation
process or am I wrong?
(Sry for my weird English.)
Best regards Christine
From dashohoxha at gmail.com Mon Apr 4 13:29:58 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Mon, 4 Apr 2016 13:29:58 +0200
Subject: Procedure of deriving a pruivate key from the password
In-Reply-To: <57024AEE.9040803@gmx.net>
References: <57024AEE.9040803@gmx.net>
Message-ID:
On Mon, Apr 4, 2016 at 1:07 PM, Christine Kremsmayr
wrote:
> I only have a vague and incomplete understanding of the procedure in which
> GnuPG derives a private key from a password.
To my understanding, the key is not derived from the passphrase, it is
generated independently of it. The passphrase is used to encrypt the
private key, in order to protect it. This is symmetric encryption and the
passphrase is stored nowhere.
I am not sure whether this helped you to understand it or made you even
more confuse.
From eva.milou at gmail.com Sat Apr 2 09:55:05 2016
From: eva.milou at gmail.com (Eva Bouwman)
Date: Sat, 02 Apr 2016 09:55:05 +0200
Subject: Translate to dutch
In-Reply-To: <20160402042703.GA24255@gnu.org>
References:
<201604012234.u31MXxGD054334@fire.js.berklix.net>
<20160402042703.GA24255@gnu.org>
Message-ID: <2651540.MI23aX0vUX@renee-hpmk>
I will start where Dashamir suggested, I will also try to connect to the
Dutch community regarding translating.
Personally I tend to agree with Julian. My idea was not to write an OS
dependent document, in my opinion the target audience will be narrowed down. I
think that is a pity, because the message you are sending is an important
one.
Before I got in touch I started with the mini-how-to and my intention was to
send it to you so it could be posted as one of the available languages, but it
needs a little more explaining from keywords, like encryption and keys how
does it work. That's why I asked your input in where to start and if you are
interested to post it on your website.
So far my input, always open for feedback and a different approach.
Regards Eva
On Saturday 2 April 2016 00:27:03 Ineiev wrote:
> On Sat, Apr 02, 2016 at 12:33:59AM +0200, Julian H. Stacey wrote:
> > & as gpg runs on various bsd & linux etc, any work done on translating
> > generic gpg to Dutch could be available via OS dependent ports wrappers,
> >
> > in case of freebsd:
> > http://www.freebsd.org/cgi/ports.cgi?query=gnupg&stype=all
> > http://svnweb.freebsd.org/ports/head/security/gnupg/
> >
> > & I assume linux has similar.
>
> I wonder why to do the same work multiple times (once for every OS)
> rather than to maintain a single translation upstream.
From rjh at sixdemonbag.org Mon Apr 4 14:15:05 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 4 Apr 2016 08:15:05 -0400
Subject: Procedure of deriving a pruivate key from the password
In-Reply-To: <57024AEE.9040803@gmx.net>
References: <57024AEE.9040803@gmx.net>
Message-ID: <57025AC9.2020500@sixdemonbag.org>
> I only have a vague and incomplete understanding of the procedure in
> which GnuPG derives a private key from a password.
Private keys aren't derived from passphrases.
> After the last iteration the resulting hash value is mangled. The result
> of this mangling process is the private key.
The result is used as an AES256 key and used to decrypt the private key
file.
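The string-to-key step discussed in this thread, as an added example that is not part of any poster's message and not GnuPG's own code: the iterated and salted S2K of RFC 4880 section 3.7.1.3, which turns a passphrase into a symmetric key that protects an independently generated private key. The SHA-256 default, the 32-byte key length, the function names and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib
import os


def decode_count(coded: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def encode_count(requested: int) -> int:
    """Smallest coded octet whose expansion is >= requested (rounds up)."""
    for coded in range(256):
        if decode_count(coded) >= requested:
            return coded
    return 255  # 65011712 octets is the largest encodable count


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int = 32, hash_name: str = "sha256") -> bytes:
    """Derive key_len octets from passphrase and salt (RFC 4880, S2K type 3).

    The result is a key-encrypting key: it protects the stored private key,
    which was generated independently of the passphrase.
    """
    if len(salt) != 8:
        raise ValueError("the S2K salt is exactly 8 octets")
    block = salt + passphrase
    # salt+passphrase is repeated until `count` octets are hashed, but the
    # whole block is always hashed at least once, even if count is smaller.
    total = max(decode_count(coded_count), len(block))
    # Feed the hash in chunks made of whole repetitions to bound memory use.
    chunk = block * max(1, 65536 // len(block))
    key = b""
    preload = 0
    while len(key) < key_len:
        # When one digest is too short, further contexts are preloaded
        # with 1, 2, ... zero octets and their digests are concatenated.
        ctx = hashlib.new(hash_name)
        ctx.update(b"\x00" * preload)
        remaining = total
        while remaining >= len(chunk):
            ctx.update(chunk)
            remaining -= len(chunk)
        ctx.update(chunk[:remaining])
        key += ctx.digest()
        preload += 1
    return key[:key_len]


def demo() -> dict:
    """Derive two keys from one passphrase with two random salts."""
    passphrase = b"correct horse"          # constructed sample passphrase
    coded = encode_count(1_000_000)        # a requested count is rounded up
    salt_a, salt_b = os.urandom(8), os.urandom(8)
    return {
        "coded_count": coded,
        "octets_hashed": decode_count(coded),
        "key_a": s2k_iterated_salted(passphrase, salt_a, coded).hex(),
        "key_b": s2k_iterated_salted(passphrase, salt_b, coded).hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt and the coded count are stored in the clear next to the protected key, so only the passphrase is secret; a different salt yields an unrelated key from the same passphrase.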
From flapflap at riseup.net Mon Apr 4 18:34:26 2016
From: flapflap at riseup.net (flapflap)
Date: Mon, 4 Apr 2016 16:34:26 +0000
Subject: Translate to dutch
In-Reply-To: <2651540.MI23aX0vUX@renee-hpmk>
References:
<201604012234.u31MXxGD054334@fire.js.berklix.net>
<20160402042703.GA24255@gnu.org> <2651540.MI23aX0vUX@renee-hpmk>
Message-ID: <57029792.6070308@riseup.net>
Eva Bouwman:
> Before I got in touch I started with the mini-how-to and my intention was to
> send it to you so it could be posted as one of the available languages, but it
> needs a little more explaining from keywords, like encryption and keys how
> does it work. That's why I asked your input in where to start and if you are
> interested to post it on your website.
If you have questions on cryptography, keys etc. or want to get in touch
with other Dutch people (e.g. reviewers, co-translators,
clarification/discussion of domain specific terms), you could also look
for events/cryptoparties in your area:
https://www.cryptoparty.in/location#netherlands
https://privacycafe.bof.nl/
~flapflap
From dashohoxha at gmail.com Mon Apr 4 20:28:26 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Mon, 4 Apr 2016 20:28:26 +0200
Subject: Award for the Advancement of Free Software
Message-ID:
http://www.fsf.org/news/library-freedom-project-and-werner-koch-are-2015-free-software-awards-winners
Congratulations!
From mostafa.shahdadi at icloud.com Mon Apr 4 17:39:13 2016
From: mostafa.shahdadi at icloud.com (mostafa shahdadi)
Date: Mon, 04 Apr 2016 20:09:13 +0430
Subject: where is gnupg configure file
Message-ID: <549C3AA0-00BA-40B1-9D39-411A4095F2D5@icloud.com>
Sent from my iPad
From dougb at dougbarton.email Tue Apr 5 06:37:45 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Mon, 4 Apr 2016 21:37:45 -0700
Subject: How to interprete the output of --export-ownertrust?
In-Reply-To: <57022CAC.3050207@digitalbrains.com>
References: <5700E0E7.3080206@gmx.net>
<57010509.9090702@digitalbrains.com> <57022CAC.3050207@digitalbrains.com>
Message-ID: <57034119.7060403@dougbarton.email>
On 04/04/2016 01:58 AM, Peter Lebbing wrote:
> On 03/04/16 13:56, Peter Lebbing wrote:
>> Also, when you start a new topic, could you please post a fresh new
>> message to the mailing list, instead of replying to an unrelated post?
>
> Two people mailed me to say they didn't think this had happened
> (thanks!). They are right; sorry for my mistake.
>
> For some unknown reason, /my/ mail reader thought it would be a good
> idea to mix the threads, it was not Christine who did this. I have no
> idea why, it's an odd bug. You can see what it looks like for me[1]. I
> totally did not expect the problem to be on my side, but the mail was
> clearly posted correctly. Again, my apologies to Christine.
As someone who is also hyper-sensitive to that issue, I've been right
where you're at. :) I learned to check the headers, and look for
References: (sometimes spelled In-Reply-To:) with one or more message
Ids after.
The problem you're seeing is that sometimes tbird's index gets corrupt.
You can either rebuild the folder, or sometimes copying the new thread
out of the folder, then copying it back in, does the trick.
hth,
Doug
From peter at digitalbrains.com Tue Apr 5 11:06:40 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 5 Apr 2016 11:06:40 +0200
Subject: Translate to dutch
In-Reply-To: <2651540.MI23aX0vUX@renee-hpmk>
References:
<201604012234.u31MXxGD054334@fire.js.berklix.net>
<20160402042703.GA24255@gnu.org> <2651540.MI23aX0vUX@renee-hpmk>
Message-ID: <57038020.7000705@digitalbrains.com>
On 02/04/16 09:55, Eva Bouwman wrote:
> I will start where Dashamir suggested , [...]
> Personally I tend to agree with Julian. My idea was not to write a OS
> dependent document, in my opinion the target audience will be narrowed down.
These two statements seem to be in opposition. Dashamir's project has a
pretty narrow target audience. His code will not run on Windows, and the
project is aimed at people comfortable with working at the command line,
whereas most beginners will use a GUI tool. If you want to reach a big
audience, you should probably work on either GnuPG documentation itself
or documentation for a commonly used GUI tool, perhaps Kleopatra or
Enigmail? Personally, I use the command line, I'm not that accustomed to
the GUI tools.
By the way, I'm Dutch and I enjoy playing with language. If you run into
trouble translating something, I might be able to help.
Cheers,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From dashohoxha at gmail.com Tue Apr 5 11:31:25 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 5 Apr 2016 11:31:25 +0200
Subject: Translate to dutch
In-Reply-To: <57038020.7000705@digitalbrains.com>
References:
<201604012234.u31MXxGD054334@fire.js.berklix.net>
<20160402042703.GA24255@gnu.org> <2651540.MI23aX0vUX@renee-hpmk>
<57038020.7000705@digitalbrains.com>
Message-ID:
On Tue, Apr 5, 2016 at 11:06 AM, Peter Lebbing
wrote:
> On 02/04/16 09:55, Eva Bouwman wrote:
> > I will start where Dashamir suggested , [...]
>
> > Personally I tend to agree with Julian. My idea was not to write a OS
> > dependent document, in my opinion the target audience will be narrowed
> down.
>
> These two statements seem to be in opposition. Dashamir's project has a
> pretty narrow target audience. His code will not run on Windows, and the
>
Mind what you say ;)
http://www.theverge.com/2016/3/30/11331014/microsoft-windows-linux-ubuntu-bash
> project is aimed at people comfortable with working at the command line,
> whereas most beginners will use a GUI tool. If you want to reach a big
> audience, you should probably work on either GnuPG documentation itself
> or documentation for a commonly used GUI tool, perhaps Kleopatra or
> Enigmail? Personally, I use the command line, I'm not that accustomed to
> the GUI tools.
>
GnuPG is also aimed at people comfortable with working at the command line.
So I would say that the potential audience of EasyGPG is greater than that
of plain GPG.
I can't make any comparison to GUI tools, but there are at least two people
here that are not accustomed to them (me and you).
Dashamir
From paolo.bolzoni.brown at gmail.com Tue Apr 5 11:37:29 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Tue, 5 Apr 2016 11:37:29 +0200
Subject: Translate to dutch
In-Reply-To:
References:
<201604012234.u31MXxGD054334@fire.js.berklix.net>
<20160402042703.GA24255@gnu.org> <2651540.MI23aX0vUX@renee-hpmk>
<57038020.7000705@digitalbrains.com>
Message-ID:
> GnuPG is also aimed at people comfortable with working at the command line.
> So I would say that the potential audience of EasyGPG is greater than that
> of plain GPG.
Wait? What? I am missing one important detail, apart from slightly
obnoxious advertisement in this mailing list, how do you plan to
attract people to use your bash scripts?
From peter at digitalbrains.com Tue Apr 5 12:06:25 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 5 Apr 2016 12:06:25 +0200
Subject: Translate to dutch
In-Reply-To:
References:
<201604012234.u31MXxGD054334@fire.js.berklix.net>
<20160402042703.GA24255@gnu.org> <2651540.MI23aX0vUX@renee-hpmk>
<57038020.7000705@digitalbrains.com>
Message-ID: <57038E21.2080900@digitalbrains.com>
Dashamir, note I wasn't attacking your project. I was pointing out that
it seemed to me that Eva said she wanted to spend her volunteered time
in one way but at the same time seemed about to spend it in another. She
wanted to reach a large audience, I was merely giving context so she
could make better informed choices.
On 05/04/16 11:31, Dashamir Hoxha wrote:
> GnuPG is also aimed at people comfortable with working at the command line.
> So I would say that the potential audience of EasyGPG is greater than that
> of plain GPG.
Documentation is more than invocation. You can document a whole lot of
GnuPG, OpenPGP and what not without ever instructing someone to type
something on the command line. But maybe I should have described it as
"GnuPG and OpenPGP", which is what I meant.
> I can't make any comparison to GUI tools, but there are at least two people
> here that are not accustomed to them (me and you).
Well, that's a bit disingenuous, I'm not the target audience of /your/
project either. I'm quite comfortable with GnuPG on the command line. I
do have Enigmail by the way, for its main feature, the integration to
Thunderbird. E-mail is a thing I don't do on the command line (yet?).
Cheers,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From dashohoxha at gmail.com Tue Apr 5 12:28:04 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 5 Apr 2016 12:28:04 +0200
Subject: Translate to dutch
In-Reply-To: <57038E21.2080900@digitalbrains.com>
References:
<201604012234.u31MXxGD054334@fire.js.berklix.net>
<20160402042703.GA24255@gnu.org> <2651540.MI23aX0vUX@renee-hpmk>
<57038020.7000705@digitalbrains.com>
<57038E21.2080900@digitalbrains.com>
Message-ID:
On Tue, Apr 5, 2016 at 12:06 PM, Peter Lebbing
wrote:
> Dashamir, note I wasn't attacking your project.
>
I wasn't attacking yours either.
I simply expressed my opinion, and maybe I am wrong.
From mls at dabpunkt.eu Tue Apr 5 14:57:59 2016
From: mls at dabpunkt.eu (Daniel Baur)
Date: Tue, 5 Apr 2016 14:57:59 +0200
Subject: How to interprete the output of --export-ownertrust?
In-Reply-To: <57034119.7060403@dougbarton.email>
References: <5700E0E7.3080206@gmx.net>
<57010509.9090702@digitalbrains.com> <57022CAC.3050207@digitalbrains.com>
<57034119.7060403@dougbarton.email>
Message-ID: <5703B657.7050004@dabpunkt.eu>
Hello,
On 05.04.2016 at 06:37, Doug Barton wrote:
> I learned to check the headers, and look for References: (sometimes
> spelled In-Reply-To:) with one or more message Ids after.
while it is off-topic: The In-Reply-To and References headers are not the
same. The In-Reply-To header tells you for which message a message is a
direct reply. The References header tells to which emails the mail
belongs. Nowadays the References header is not very useful anymore, but
in the old times it could happen that a reply reached a third party
before the original message reached the third.
Example: You have 3 emails.
Starter: Message-ID: A
Answer: Message-ID: B, In-Reply-To: A, References: A
Answer-Answer: Message-ID: C, In-Reply-To: B, References: A, B
If the answer-answer (C) reaches you before the answer (B), your
email program still knows that it somehow belongs to the starter email
(A). When the answer (B) reaches you, your email program can sort it in
the right position, using the In-Reply-To field.
Sincerely,
DaB.
P.S: I learned the hard way that people that use the reply button for
new emails are not as bad as the smartphone guys that write a new
email for a reply.
From jon at sprig.gs Tue Apr 5 16:59:24 2016
From: jon at sprig.gs (Jon Spriggs)
Date: Tue, 5 Apr 2016 15:59:24 +0100
Subject: Scripting GPG without retaining keys
Message-ID:
Hi all,
I'm trying to write a script which encrypts against keys retrieved
from a keyserver but doesn't cache them.
I've got the following:
gpg --no-options --trust-model always --no-default-keyring \
  --keyserver ldap://keyserver.example.com \
  --keyserver-options auto-key-retrieve \
  --recipient user@example.com --encrypt a_file.txt
I keep getting "gpg: user@example.com: skipped: No public key"
However, if I replace --recipient and --encrypt with --search-keys
user@example.com I get the key back.
Is this a failure in my understanding of the gpg command line, or have
I missed some fundamental part of the documentation somewhere?
Thanks in advance!
--
Jon "The Nice Guy" Spriggs
From wk at gnupg.org Tue Apr 5 19:56:32 2016
From: wk at gnupg.org (Werner Koch)
Date: Tue, 05 Apr 2016 19:56:32 +0200
Subject: Scripting GPG without retaining keys
In-Reply-To:
(Jon Spriggs's message of "Tue, 5 Apr 2016 15:59:24 +0100")
References:
Message-ID: <8760vwym5r.fsf@wheatstone.g10code.de>
On Tue, 5 Apr 2016 16:59, jon at sprig.gs said:
> Is this a failure in my understanding of the gpg command line, or have
> I missed some fundamental part of the documentation somewhere?
auto-key-retrieve
This option enables the automatic retrieving of keys from a
keyserver when _verifying_ signatures made by keys that are not on
the local keyring.
[...]
What you want is
--auto-key-locate local,keyserver
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From dougb at dougbarton.email Wed Apr 6 07:01:01 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Tue, 5 Apr 2016 22:01:01 -0700
Subject: How to interprete the output of --export-ownertrust?
In-Reply-To: <5703B657.7050004@dabpunkt.eu>
References: <5700E0E7.3080206@gmx.net>
<57010509.9090702@digitalbrains.com> <57022CAC.3050207@digitalbrains.com>
<57034119.7060403@dougbarton.email> <5703B657.7050004@dabpunkt.eu>
Message-ID: <5704980D.5010100@dougbarton.email>
On 04/05/2016 05:57 AM, Daniel Baur wrote:
> while it is off-topic: The In-Reply-to and References-header are not the
> same.
Depending on the mail client that may or may not be true. :)
But more importantly, the existence of either header will tell the
person looking at the headers that the message is not new, it's a
response of some sort; which was the point I was trying to make.
When considering extending the life of an off-topic thread it's
worthwhile to consider how much you're benefiting the members of the
list, vs:
https://xkcd.com/386/
From cannon at cannon-ciota.info Wed Apr 6 09:38:04 2016
From: cannon at cannon-ciota.info (CANNON NATHANIEL CIOTA)
Date: Wed, 06 Apr 2016 07:38:04 +0000
Subject: Using gpg for ssh access
In-Reply-To: <56EA7B8B.70503@incenp.org>
References: <79b08d207d51fc1995d4823c1639b7bc@cannon-ciota.info>
<56EA7B8B.70503@incenp.org>
Message-ID: <1bbb6a1abef3564655dcfcc5f90d2b89@cannon-ciota.info>
On 03/17/2016 07:32 AM, CANNON NATHANIEL CIOTA wrote:
Can someone inform the correct procedure for using gpg to access
ssh?
----
On Thursday 17 March 2016 at 10:40:27, Damien Goutte-Gattat wrote:
If I may, I wrote two blog posts on this subject:
* http://www.incenp.org/notes/2014/gnupg-for-ssh-authentication.html
(for GnuPG 2.0)
* http://www.incenp.org/notes/2015/gnupg-for-ssh-authentication.html
(for GnuPG 2.1)
I hope you'll find them useful. If not, do not hesitate to ask for
clarifications.
From what you said, the step you probably missed is to use gpg-agent as
a drop-in replacement for ssh-agent.
----
Thanks for the info. Today I had chance to try this out, still having
trouble using ssh with gpg. Can you please clarify what steps are to be
used on server side and steps on client side? My current scenario, both
server and client are linux command line interface only. My smartcard
has a subkey for use with authentication.
Thanks
Cannon
--
Cannon N. Ciota
Digital Identity (namecoin): id/cannon
Website: www.cannon-ciota.info
Email: cannon at cannon-ciota.info
PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2
From dgouttegattat at incenp.org Wed Apr 6 12:48:40 2016
From: dgouttegattat at incenp.org (Damien Goutte-Gattat)
Date: Wed, 6 Apr 2016 12:48:40 +0200
Subject: Using gpg for ssh access
In-Reply-To: <1bbb6a1abef3564655dcfcc5f90d2b89@cannon-ciota.info>
References: <79b08d207d51fc1995d4823c1639b7bc@cannon-ciota.info>
<56EA7B8B.70503@incenp.org>
<1bbb6a1abef3564655dcfcc5f90d2b89@cannon-ciota.info>
Message-ID: <5704E988.1030004@incenp.org>
On 04/06/2016 09:38 AM, CANNON NATHANIEL CIOTA wrote:
> Thanks for the info. Today I had chance to try this out, still having
> trouble using ssh with gpg. Can you please clarify what steps are to be
> used on server side and steps on client side? My current scenario, both
> server and client are linux command line interface only. My smartcard
> has a subkey for use with authentication.
Then if GPG Agent is up and running and configured to act as an SSH
agent, it should automatically detect the authentication subkey and make
it available to SSH clients.
First, could you please tell us which version of GnuPG you are using?
Most importantly, we need to know if you're using 2.0 or 2.1.
Then, check whether SSH support is enabled in GPG Agent. You can use the
following command:
gpg-connect-agent "GETINFO ssh_socket_name" /bye
which should print the path to the SSH socket if SSH support is enabled,
or give you an error message if it is not.
If SSH support is not enabled, enable it by adding the following line:
enable-ssh-support
in the configuration for GPG Agent (~/.gnupg/gpg-agent.conf, you may
need to create that file if it does not already exist), then kill the agent:
gpgconf --kill gpg-agent
and re-run the first command again.
Once you have confirmed that SSH support is available from the agent,
check the value of the SSH_AUTH_SOCK environment variable. That variable
must point to the agent's SSH socket (as returned by the GETINFO command
above) in order for SSH clients to know how to contact the agent.
Then, insert your card into your card reader and run `ssh-add -L`. If
everything went fine, that command should print the public part of your
authentication subkey, in a format suitable for inclusion into an
authorized_keys file on your server.
If something did *not* go fine, please report any error message.
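The checks from this message gathered into one script, as an added example that is not part of the original post or of GnuPG: it takes the contents of gpg-agent.conf, the agent's reply to GETINFO ssh_socket_name and the value of SSH_AUTH_SOCK, and reports which step of the procedure is not satisfied. The function names, the constructed sample inputs, the default ~/.gnupg home directory and the reply format (Assuan lines: `D <data>`, then `OK` or `ERR ...`) are assumptions of this example.

```python
import os
import shutil
import subprocess
from urllib.parse import unquote_to_bytes

# Assumes the default home directory; GNUPGHOME is not consulted.
CONF_PATH = os.path.expanduser("~/.gnupg/gpg-agent.conf")

# Constructed sample inputs, used when no GnuPG installation is present.
SAMPLE_CONF = "# constructed sample\ndefault-cache-ttl 600\nenable-ssh-support\n"
SAMPLE_REPLY = "D /home/alice/.gnupg/S.gpg-agent.ssh\nOK\n"
SAMPLE_SOCK = "/tmp/ssh-constructed/agent.4242"  # some other agent's socket


def parse_assuan_data(reply):
    """Return the data of an Assuan reply, or None on ERR or empty data.

    Data lines start with "D " and percent-escape '%', CR and LF.
    """
    data = b""
    for line in reply.splitlines():
        if line.startswith("ERR"):
            return None
        if line.startswith("D "):
            data += unquote_to_bytes(line[2:])
    return data.decode() if data else None


def ssh_support_configured(conf_text):
    """True if an uncommented enable-ssh-support line is present."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and line == "enable-ssh-support":
            return True
    return False


def diagnose(conf_text, agent_reply, ssh_auth_sock):
    """Return a list of unmet steps; an empty list means ssh-add -L should work."""
    findings = []
    if not ssh_support_configured(conf_text):
        findings.append("enable-ssh-support is not set in gpg-agent.conf")
    agent_sock = parse_assuan_data(agent_reply)
    if agent_sock is None:
        findings.append("agent reported no SSH socket; after editing the "
                        "config run: gpgconf --kill gpg-agent")
    elif not ssh_auth_sock:
        findings.append("SSH_AUTH_SOCK is unset; SSH clients cannot find the agent")
    elif os.path.normpath(ssh_auth_sock) != os.path.normpath(agent_sock):
        findings.append(f"SSH_AUTH_SOCK is {ssh_auth_sock} but the agent "
                        f"listens on {agent_sock}")
    return findings


def collect_live():
    """Gather the three inputs from the running system."""
    try:
        with open(CONF_PATH, encoding="utf-8") as fh:
            conf = fh.read()
    except FileNotFoundError:
        conf = ""
    proc = subprocess.run(
        ["gpg-connect-agent", "GETINFO ssh_socket_name", "/bye"],
        capture_output=True, text=True, check=False)
    return conf, proc.stdout, os.environ.get("SSH_AUTH_SOCK")


if __name__ == "__main__":
    if shutil.which("gpg-connect-agent"):
        inputs = collect_live()
    else:
        inputs = (SAMPLE_CONF, SAMPLE_REPLY, SAMPLE_SOCK)
    problems = diagnose(*inputs)
    for problem in problems:
        print("FAIL:", problem)
    if not problems:
        print("OK: SSH_AUTH_SOCK points at the agent's SSH socket; "
              "next step is ssh-add -L")
```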
From dick.visser at geant.org Wed Apr 6 12:14:14 2016
From: dick.visser at geant.org (Dick Visser)
Date: Wed, 6 Apr 2016 12:14:14 +0200
Subject: Change the location of the gpg-agent socket?
Message-ID:
Hi
I'm using gnupg 2.1.11 on OSX. This works great.
I'm using BOX as a sync tool to keep my .gnupg directory backed up.
However, BOX chokes on the unix socket 'S.gpg-agent' that's there when
the agent is running.
I've searched through the docs but couldn't find a way to configure
the location of the socket, other than at compile time.
Any ideas how to achieve this at runtime?
Many thanks!
Dick Visser
From andrewg at andrewg.com Wed Apr 6 14:08:37 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Wed, 6 Apr 2016 13:08:37 +0100
Subject: Change the location of the gpg-agent socket?
In-Reply-To:
References:
Message-ID: <9E46BE58-4BA9-4D35-AB41-F663E998909A@andrewg.com>
> On 6 Apr 2016, at 11:14, Dick Visser wrote:
>
> Hi
>
> I'm using gnupg 2.1.11 on OSX. This works great.
> I'm using BOX as a sync tool to keep my .gnupg directory backed up.
> However, BOX chokes on the unix socket 'S.gpg-agent' that's there when
> the agent is running.
> I've searched through the docs but couldn't find a way to configure
> the location of the socket, other than at compile time.
Would it not make more sense to add an exclusion for the socket in your backup config?
Andrew
From dick.visser at geant.org Wed Apr 6 16:24:00 2016
From: dick.visser at geant.org (Dick Visser)
Date: Wed, 6 Apr 2016 16:24:00 +0200
Subject: Change the location of the gpg-agent socket?
In-Reply-To: <9E46BE58-4BA9-4D35-AB41-F663E998909A@andrewg.com>
References:
<9E46BE58-4BA9-4D35-AB41-F663E998909A@andrewg.com>
Message-ID:
It would, but that's not possible, so that's why I was asking.
Background, .gnupg being a configuration directory, and sockets seem
like a weird thing for a configuration directory. System sockets
aren't created in /etc/ either but usually in /var/run or something.
Dick
On 6 April 2016 at 14:08, Andrew Gallagher wrote:
>
>> On 6 Apr 2016, at 11:14, Dick Visser wrote:
>>
>> Hi
>>
>> I'm using gnupg 2.1.11 on OSX. This works great.
>> I'm using BOX as a sync tool to keep my .gnupg directory backed up.
>> However, BOX chokes on the unix socket 'S.gpg-agent' that's there when
>> the agent is running.
>> I've searched through the docs but couldn't find a way to configure
>> the location of the socket, other than at compile time.
>
> Would it not make more sense to add an exclusion for the socket in your backup config?
>
> Andrew
From wk at gnupg.org Wed Apr 6 17:09:34 2016
From: wk at gnupg.org (Werner Koch)
Date: Wed, 06 Apr 2016 17:09:34 +0200
Subject: Change the location of the gpg-agent socket?
In-Reply-To:
(Dick Visser's message of "Wed, 6 Apr 2016 16:24:00 +0200")
References:
<9E46BE58-4BA9-4D35-AB41-F663E998909A@andrewg.com>
Message-ID: <87oa9mwz81.fsf@wheatstone.g10code.de>
On Wed, 6 Apr 2016 16:24, dick.visser at geant.org said:
> Background, .gnupg being a configuration directory, and sockets seem
No, it is not a configuration directory. All your keys and other var
data lives there as well.
> like a weird thing for a configuration directory. System sockets
> aren't created in /etc/ either but usually in /var/run or something.
It is not a system socket but a per-user socket. Anyway, we are
planning to move the socket to /run/user//gnupg/ to keep the socket
name short enough for the socket API.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From philip.colmer at linaro.org Wed Apr 6 17:33:41 2016
From: philip.colmer at linaro.org (Philip Colmer)
Date: Wed, 6 Apr 2016 16:33:41 +0100
Subject: Using LDAP keyservers with gpg 2.1.11
Message-ID:
I've configured our LDAP server to act as a keyserver for use with
GnuPG. In testing, with version 1.x and 2.0, sending keys to the
keyserver works.
However, with version 2.1.11, it isn't working. Enabling debug options
where I can find them gives me this output:
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
memstat trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 GETINFO version
gpg: DBG: chan_4 KEYSERVER --clear ldaps://:@login.linaro.org
gpg: DBG: chan_4 KEYSERVER
gpg: DBG: chan_4 :@login.linaro.org
gpg: DBG: chan_4 1)
gpg: DBG: keyring_search: searching from start of resource.
gpg: DBG: iobuf-2.0: underflow: buffer size: 8192; still buffered: 0
=> space for 8192 bytes
gpg: DBG: iobuf-2.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-2.0: A->FILTER() returned rc=0 (ok), read 1211 bytes
gpg: DBG: parse_packet(iob=2): type=6 length=269 (search.keyring.c.1115)
gpg: DBG: keyring_search: packet starting at offset 0 matched descriptor 0
gpg: DBG: keyring_search: returning success
gpg: DBG: free_packet() type=6
gpg: DBG: keydb_search: searched keyring (resource 0 of 1) => Success
gpg: DBG: [not enabled in the source] keydb_search leave (found)
gpg: DBG: [not enabled in the source] keydb_get_keybock enter
gpg: DBG: fd_cache_open (/home/ubuntu/.gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-3.0: open '/home/ubuntu/.gnupg/pubring.gpg'
desc=file_filter(fd) fd=6
gpg: DBG: iobuf-3.0: underflow: buffer size: 8192; still buffered: 0
=> space for 8192 bytes
gpg: DBG: iobuf-3.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-3.0: A->FILTER() returned rc=0 (ok), read 1211 bytes
gpg: DBG: parse_packet(iob=3): type=6 length=269 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=13 length=40 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=2 length=318 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=12 length=2 (parse.keyring.c.414)
gpg: DBG: free_packet() type=12
gpg: DBG: parse_packet(iob=3): type=14 length=269 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=2 length=293 (parse.keyring.c.414)
gpg: DBG: parse_packet(iob=3): type=12 length=2 (parse.keyring.c.414)
gpg: DBG: free_packet() type=12
gpg: DBG: iobuf-3.0: underflow: buffer size: 8192; still buffered: 0
=> space for 8192 bytes
gpg: DBG: iobuf-3.0: underflow: A->FILTER (8192 bytes)
gpg: DBG: iobuf-3.0: A->FILTER() returned rc=-1 (EOF), read 0 bytes
gpg: DBG: /home/ubuntu/.gnupg/pubring.gpg: close fd/handle 6
gpg: DBG: fd_cache_close (/home/ubuntu/.gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-3.0: close '?'
gpg: DBG: [not enabled in the source] keydb_get_keyblock leave
gpg: DBG: build_packet() type=6
gpg: DBG: iobuf-4.0: close '?'
gpg: DBG: build_packet() type=13
gpg: DBG: build_packet() type=2
gpg: DBG: iobuf-5.0: close '?'
gpg: DBG: build_packet() type=14
gpg: DBG: iobuf-6.0: close '?'
gpg: DBG: build_packet() type=2
gpg: DBG: iobuf-7.0: close '?'
gpg: DBG: iobuf-2.0: close 'file_filter(fd)'
gpg: DBG: /home/ubuntu/.gnupg/pubring.gpg: close fd/handle 5
gpg: DBG: fd_cache_close (/home/ubuntu/.gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-1.0: close '?'
gpg: sending key DC6F3C29 to ldaps://:@login.linaro.org
gpg: DBG: chan_4 -> KS_PUT
gpg: DBG: chan_4 [ 44 20 99 01 25 30 44 04 56 fe 8f d2 01 08 00 c2
...(982 byte(s) skipped) ]
gpg: DBG: chan_4 -> [ 44 20 20 4f ad 28 53 1c 95 8a ae 0f 57 5f 35 fc
...(231 byte(s) skipped) ]
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4 D
pub::2048:1:4625A9B1DC6F3C29:1459523538:1460128338::::::::::%0Auid:::::1459523538::::Philip
Colmer :::::::%0Asig::::4625A9B1DC6F3C29:1459523538:::::::::::%0Asub::2048:1:87E613C66F047E92:1459523538:1460128338::::::::::%0A
gpg: DBG: chan_4 -> END
gpg: DBG: chan_4
gpg: DBG: free_packet() type=6
gpg: DBG: free_packet() type=13
gpg: DBG: free_packet() type=2
gpg: DBG: free_packet() type=14
gpg: DBG: free_packet() type=2
gpg: keyserver send failed: No keyserver available
gpg: keyserver send failed: No keyserver available
gpg: DBG: chan_4 -> BYE
gpg: DBG: [not enabled in the source] stop
I can't seem to turn up the debugging any higher in order to find out
why Dirmngr is reporting "No keyserver available". I can't find that
message in the source code either so I can't add any extra debugging
statements.
Does anyone know what changed between 2.0 and 2.1 that would
specifically affect LDAP keyserver operation? Or, failing that, what I
should be looking at in order to troubleshoot this further?
Thanks.
Philip
From junkemail at paulapplegate.com Wed Apr 6 20:06:43 2016
From: junkemail at paulapplegate.com (Paul Applegate)
Date: Wed, 6 Apr 2016 14:06:43 -0400
Subject: Git clone error
Message-ID: <344601BC-30E0-4D07-A33C-FADFEA127E65@paulapplegate.com>
I get the following error when I try to clone gnupg:
Cloning into 'gnupg'...
fatal: read error: Connection reset by peer
I've tried to clone it from two different IP addresses. Is there something wrong with the repository?
Thanks,
Paul
From wk at gnupg.org Thu Apr 7 10:07:02 2016
From: wk at gnupg.org (Werner Koch)
Date: Thu, 07 Apr 2016 10:07:02 +0200
Subject: Git clone error
In-Reply-To: <344601BC-30E0-4D07-A33C-FADFEA127E65@paulapplegate.com> (Paul
Applegate's message of "Wed, 6 Apr 2016 14:06:43 -0400")
References: <344601BC-30E0-4D07-A33C-FADFEA127E65@paulapplegate.com>
Message-ID: <87h9fdu9jt.fsf@wheatstone.g10code.de>
On Wed, 6 Apr 2016 20:06, junkemail at paulapplegate.com said:
> I've tried to clone it from two different IP addresses. Is there something wrong with the repository?
No, just DoS. Try again.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From wk at gnupg.org Thu Apr 7 16:40:10 2016
From: wk at gnupg.org (Werner Koch)
Date: Thu, 07 Apr 2016 16:40:10 +0200
Subject: Using LDAP keyservers with gpg 2.1.11
In-Reply-To:
(Philip Colmer's message of "Wed, 6 Apr 2016 16:33:41 +0100")
References:
Message-ID: <8760vtscs5.fsf@wheatstone.g10code.de>
On Wed, 6 Apr 2016 17:33, philip.colmer at linaro.org said:
> However, with version 2.1.11, it isn't working. Enabling debug options
> where I can find them gives me this output:
Please enable debugging for dirmngr and restart dirmngr. All network
access is done via the dirmngr daemon which is started when needed.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From philip.colmer at linaro.org Thu Apr 7 16:58:24 2016
From: philip.colmer at linaro.org (Philip Colmer)
Date: Thu, 7 Apr 2016 15:58:24 +0100
Subject: Using LDAP keyservers with gpg 2.1.11
In-Reply-To: <8760vtscs5.fsf@wheatstone.g10code.de>
References:
<8760vtscs5.fsf@wheatstone.g10code.de>
Message-ID:
On 7 April 2016 at 15:40, Werner Koch wrote:
> On Wed, 6 Apr 2016 17:33, philip.colmer at linaro.org said:
>
>> However, with version 2.1.11, it isn't working. Enabling debug options
>> where I can find them gives me this output:
>
> Please enable debugging for dirmngr and restart dirmngr. All network
> access is done via the dirmngr daemon which is started when needed.
I've configured debugging for dirmngr in dirmngr.conf as follows:
debug-level guru
debug-all
dirmngr is running with its homedir set to the directory containing
that conf file.
If I should be doing something different to get more debugging info
out of dirmngr, please clarify. At the moment, the only information I
seem to be getting is:
gpg: DBG: chan_4
Which doesn't really tell me much, and I cannot figure out where in
the source code this is happening.
Regards
Philip
From kristian.fiskerstrand at sumptuouscapital.com Thu Apr 7 18:03:59 2016
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Thu, 7 Apr 2016 18:03:59 +0200
Subject: Using LDAP keyservers with gpg 2.1.11
In-Reply-To:
References:
<8760vtscs5.fsf@wheatstone.g10code.de>
Message-ID: <570684EF.2020307@sumptuouscapital.com>
On 04/07/2016 04:58 PM, Philip Colmer wrote:
> On 7 April 2016 at 15:40, Werner Koch wrote:
>> On Wed, 6 Apr 2016 17:33, philip.colmer at linaro.org said:
>>
>>> However, with version 2.1.11, it isn't working. Enabling debug
>>> options where I can find them gives me this output:
>>
>> Please enable debugging for dirmngr and restart dirmngr. All
>> network access is done via the dirmngr daemon which is started
>> when needed.
>
> I've configured debugging for dirmngr in dirmngr.conf as follows:
>
> debug-level guru debug-all
>
> dirmngr is running with its homedir set to the directory
> containing that conf file.
>
> If I should be doing something different to get more debugging
> info out of dirmngr, please clarify. At the moment, the only
> information I seem to be getting is:
>
> gpg: DBG: chan_4
is ldap listed as a schema when doing KEYSERVER --help ? you can also
check if ldd /usr/bin/dirmngr shows a linkage to libldap
- --
- ----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aquila non capit muscas
The eagle does not hunt flies
From kristian.fiskerstrand at sumptuouscapital.com Fri Apr 8 12:55:55 2016
From: kristian.fiskerstrand at sumptuouscapital.com (Kristian Fiskerstrand)
Date: Fri, 8 Apr 2016 12:55:55 +0200
Subject: Using LDAP keyservers with gpg 2.1.11
In-Reply-To:
References:
<8760vtscs5.fsf@wheatstone.g10code.de>
<570684EF.2020307@sumptuouscapital.com>
Message-ID: <57078E3B.8070704@sumptuouscapital.com>
On 04/08/2016 12:38 PM, Philip Colmer wrote:
> On 7 April 2016 at 17:03, Kristian Fiskerstrand
> wrote:
>> is ldap listed as a schema when doing KEYSERVER --help ? you can
>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap
>
> Sorry - how do I check the schema? I'm not sure what command you
> are asking me to run.
$ dirmngr
OK Dirmngr 2.1.11 at your service
KEYSERVER --help
S # Known schemata:
S # hkp
S # hkps
S # http
S # finger
S # kdns
S # ldap
S # (Use an URL for engine specific help.)
OK
>
> With regards to the ldd command, no, there is no linkage to
> libldap. I have the libldap package installed, so do I need to do
> something to get gnupg to link to it when I build it?
>
you need the appropriate header files for the library (-dev packages
as well) and for good measure I specify --with-ldap in the gnupg build
- --
- ----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aquila non capit muscas
The eagle does not hunt flies
From philip.colmer at linaro.org Fri Apr 8 13:19:14 2016
From: philip.colmer at linaro.org (Philip Colmer)
Date: Fri, 8 Apr 2016 12:19:14 +0100
Subject: Using LDAP keyservers with gpg 2.1.11
In-Reply-To: <57078E3B.8070704@sumptuouscapital.com>
References:
<8760vtscs5.fsf@wheatstone.g10code.de>
<570684EF.2020307@sumptuouscapital.com>
<57078E3B.8070704@sumptuouscapital.com>
Message-ID:
On 8 April 2016 at 11:55, Kristian Fiskerstrand
wrote:
>>> is ldap listed as a schema when doing KEYSERVER --help ? you can
>>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap
Thanks for this suggestion. dirmngr wasn't listing ldap, so I've
installed the extra bits, rebuilt and now it is.
However, unfortunately, now --send-key breaks earlier than it was :(
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
memstat trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 GETINFO version
gpg: DBG: chan_3 KEYSERVER --clear
ldaps://:@login.linaro.org?dc=linaro,dc=org
gpg: DBG: chan_3
gpg: no keyserver known
gpg: keyserver send failed: No keyserver available
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
This used to be the output ...
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 GETINFO version
gpg: DBG: chan_4 KEYSERVER --clear ldaps://:@login.linaro.org
gpg: DBG: chan_4 KEYSERVER
gpg: DBG: chan_4 :@login.linaro.org
gpg: DBG: chan_4
References:
<8760vtscs5.fsf@wheatstone.g10code.de>
<570684EF.2020307@sumptuouscapital.com>
Message-ID:
On 7 April 2016 at 17:03, Kristian Fiskerstrand
wrote:
> is ldap listed as a schema when doing KEYSERVER --help ? you can also
> check if ldd /usr/bin/dirmngr shows a linkage to libldap
Sorry - how do I check the schema? I'm not sure what command you are
asking me to run.
With regards to the ldd command, no, there is no linkage to libldap. I
have the libldap package installed, so do I need to do something to
get gnupg to link to it when I build it?
Regards
Philip
From erik.nellessen at informatik.hu-berlin.de Fri Apr 8 17:28:00 2016
From: erik.nellessen at informatik.hu-berlin.de (Erik Nellessen)
Date: Fri, 8 Apr 2016 15:28:00 +0000
Subject: Perform only asymmetric encryption/decryption
Message-ID: <5707CE00.4070705@informatik.hu-berlin.de>
When I encrypt data using GnuPG, GnuPG uses hybrid encryption. This really is a good idea for most use cases. But in my (I admit, rather special) use case, only using asymmetric encryption/decryption is what I need. Is it possible to use asymmetric encryption only? The interface I would wish to have takes plain data and provides an RSA encrypted cipher text (and vice versa for decryption).
Does GnuPG provide any kind of interface for direct asymmetric encryption/decryption operations? I guess I could try do it similar to the write_pubkey_enc function in the file g10/encrypt.c. But is there an easier/more official way?
What I want to do is certainly possible using OpenSSL. But as I am changing an existing system, a possibility to do this with GnuPG would be the easiest way for me.
Kind regards,
Erik Nellessen
From arthur at ulfeldt.com Fri Apr 8 18:27:31 2016
From: arthur at ulfeldt.com (Arthur Ulfeldt)
Date: Fri, 8 Apr 2016 09:27:31 -0700
Subject: Perform only asymmetric encryption/decryption
In-Reply-To: <5707CE00.4070705@informatik.hu-berlin.de>
References: <5707CE00.4070705@informatik.hu-berlin.de>
Message-ID:
I'm not sure I totally understand your requirements, though if you are
looking to run RSA encryption on strings and are not using any of the
authentication parts of gpg, then openssl is the way to go. I suspect it's
not possible with gpg's provided interface.
If using pgp is really more convenient then letting it do hybrid encryption
will be much easier though it sounds like you have a good reason for
wanting to avoid that.
On 8 Apr 2016 at 9:18 AM, "Erik Nellessen" <
erik.nellessen at informatik.hu-berlin.de> wrote:
> When I encrypt data using GnuPG, GnuPG uses hybrid encryption. This really
> is a good idea for most use cases. But in my (I admit, rather special) use
> case, only using asymmetric encryption/decryption is what I need. Is it
> possible to use asymmetric encryption only? The interface I would wish to
> have takes plain data and provides an RSA encrypted cipher text (and vice
> versa for decryption).
>
> Does GnuPG provide any kind of interface for direct asymmetric
> encryption/decryption operations? I guess I could try do it similar to the
> write_pubkey_enc function in the file g10/encrypt.c. But is there an
> easier/more official way?
>
> What I want to do is certainly possible using OpenSSL. But as I am
> changing an existing system, a possibility to do this with GnuPG would be
> the easiest way for me.
>
> Kind regards,
> Erik Nellessen
>
From andrewg at andrewg.com Fri Apr 8 19:42:47 2016
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Fri, 8 Apr 2016 18:42:47 +0100
Subject: Perform only asymmetric encryption/decryption
In-Reply-To: <5707CE00.4070705@informatik.hu-berlin.de>
References: <5707CE00.4070705@informatik.hu-berlin.de>
Message-ID: <5707ED97.3020606@andrewg.com>
On 08/04/16 16:28, Erik Nellessen wrote:
> When I encrypt data using GnuPG, GnuPG uses hybrid encryption. This
> really is a good idea for most use cases. But in my (I admit, rather
> special) use case, only using asymmetric encryption/decryption is
> what I need. Is it possible to use asymmetric encryption only? The
> interface I would wish to have takes plain data and provides an RSA
> encrypted cipher text (and vice versa for decryption).
A bit more info about your use case might be helpful (and intriguing!).
If you're just trying to create a new asym-encrypted copy of an existing
GPG session key (or something similar) then there might be a way. If
you're thinking of encrypting large amounts of data directly with
asym-encryption, then I'll question your sanity. ;-)
A
From erik.nellessen at informatik.hu-berlin.de Sun Apr 10 12:56:09 2016
From: erik.nellessen at informatik.hu-berlin.de (Erik Nellessen)
Date: Sun, 10 Apr 2016 10:56:09 +0000
Subject: Perform only asymmetric encryption/decryption
In-Reply-To: <5707ED97.3020606@andrewg.com>
References: <5707CE00.4070705@informatik.hu-berlin.de>
<5707ED97.3020606@andrewg.com>
Message-ID: <570A3149.80600@informatik.hu-berlin.de>
No, this is not about encrypting large amounts of data with asymmetric encryption. ;) It is about encrypting and decrypting small strings, which are still way smaller than the public/private key. So I guess this could be possible using the interfaces for encrypting/decrypting a data encryption key. What is the best way in OpenPGP to encrypt/decrypt small strings using asymmetric encryption/decryption directly?
Kind regards,
Erik
Andrew Gallagher:
> On 08/04/16 16:28, Erik Nellessen wrote:
>> When I encrypt data using GnuPG, GnuPG uses hybrid encryption. This
>> really is a good idea for most use cases. But in my (I admit, rather
>> special) use case, only using asymmetric encryption/decryption is
>> what I need. Is it possible to use asymmetric encryption only? The
>> interface I would wish to have takes plain data and provides an RSA
>> encrypted cipher text (and vice versa for decryption).
>
> A bit more info about your use case might be helpful (and intriguing!).
> If you're just trying to create a new asym-encrypted copy of an existing
> GPG session key (or something similar) then there might be a way. If
> you're thinking of encrypting large amounts of data directly with
> asym-encryption, then I'll question your sanity. ;-)
>
> A
From neal at walfield.org Mon Apr 11 09:40:13 2016
From: neal at walfield.org (Neal H. Walfield)
Date: Mon, 11 Apr 2016 09:40:13 +0200
Subject: Perform only asymmetric encryption/decryption
In-Reply-To: <570A3149.80600@informatik.hu-berlin.de>
References: <5707CE00.4070705@informatik.hu-berlin.de>
<5707ED97.3020606@andrewg.com>
<570A3149.80600@informatik.hu-berlin.de>
Message-ID: <87d1pwsiea.wl-neal@walfield.org>
On Sun, 10 Apr 2016 12:56:09 +0200,
Erik Nellessen wrote:
> No, this is not about encrypting large amounts of data with asymmetric encryption. ;) It is about encrypting and decrypting small strings, which are still way smaller than the public/private key. So I guess this could be possible using the interfaces for encrypting/decrypting a data encryption key. What is the best way in OpenPGP to encrypt/decrypt small strings using asymmetric encryption/decryption directly?
You can extract the session key using --show-session-key and set the
session key using --override-session-key
$ echo | gpg2 --no-options -c | gpg2 --show-session-key -d
gpg: session key: '7:7BF4443B3652BD25CEC2BA641135AC58'
The format of the session key is algorithm id and the hex-encoded
data.
The created message has the following form:
echo | gpg2 --no-options -c | gpg2 --list-packets
# off=0 ctb=8c tag=3 hlen=2 plen=13
:symkey enc packet: version 4, cipher 7, s2k 3, hash 2
salt 6E31D6F821C697BD, count 24117248 (231)
# off=15 ctb=d2 tag=18 hlen=2 plen=54 new-ctb
:encrypted data packet:
length: 54
mdc_method: 2
# off=36 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=1
# off=38 ctb=cb tag=11 hlen=2 plen=7 new-ctb
:literal data packet:
mode b (62), created 1460360139, name="",
raw data: 1 bytes
That is, it has an SK-ESK packet and a symmetrically encrypted packet.
You just want the SK-ESK, which should be relatively straightforward
to extract. Unfortunately, IIRC, if GnuPG doesn't have an encrypted
body, it won't show the session key when --show-session-key is used.
But, this can be changed relatively easily.
A more fundamental problem is that GnuPG will warn (or perhaps error
out?) if the provided session key is weak.
Good luck!
:) Neal
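The header fields in the --list-packets output above (ctb, tag, hlen, plen) and the "algorithm id:hex" session-key string can be decoded by hand. The following is an added example, not part of the original message and not GnuPG code: the function names are hypothetical, the SK-ESK bytes are rebuilt from the values printed in the listing, and the encrypted body is constructed filler.

```python
"""Decode OpenPGP packet headers and the S2K fields that --list-packets prints."""
from typing import Dict, List, NamedTuple, Optional, Tuple


class Header(NamedTuple):
    off: int              # offset of the CTB within the buffer
    ctb: int              # the tag octet itself
    tag: int              # packet type (3 = SK-ESK, 18 = encrypted data with MDC)
    hlen: int             # header length in octets
    plen: Optional[int]   # body length; None if indeterminate or partial
    new_ctb: bool         # True for the new packet format


def parse_header(buf: bytes, off: int = 0) -> Header:
    if off >= len(buf):
        raise ValueError("offset past end of data")
    ctb = buf[off]
    if not ctb & 0x80:
        raise ValueError(f"octet {ctb:#04x} at offset {off} is not a packet tag")

    def need(n: int) -> bytes:
        chunk = buf[off + 1:off + 1 + n]
        if len(chunk) != n:
            raise ValueError("truncated packet header")
        return chunk

    if ctb & 0x40:                                   # new format: 6-bit tag
        tag = ctb & 0x3F
        first = need(1)[0]
        if first < 192:                              # one-octet length
            return Header(off, ctb, tag, 2, first, True)
        if first < 224:                              # two-octet length
            length = ((first - 192) << 8) + need(2)[1] + 192
            return Header(off, ctb, tag, 3, length, True)
        if first == 255:                             # five-octet length
            return Header(off, ctb, tag, 6, int.from_bytes(need(5)[1:], "big"), True)
        return Header(off, ctb, tag, 2, None, True)  # partial body length
    tag = (ctb >> 2) & 0x0F                          # old format: 4-bit tag
    length_type = ctb & 0x03
    if length_type == 3:                             # "indeterminate" in the listing
        return Header(off, ctb, tag, 1, None, False)
    n = (1, 2, 4)[length_type]
    return Header(off, ctb, tag, 1 + n, int.from_bytes(need(n), "big"), False)


def walk_packets(buf: bytes) -> List[Header]:
    """Return the headers of the top-level packets in buf."""
    headers, off = [], 0
    while off < len(buf):
        h = parse_header(buf, off)
        headers.append(h)
        if h.plen is None:        # the rest of the stream belongs to this packet
            break
        if off + h.hlen + h.plen > len(buf):
            raise ValueError("truncated packet body")
        off += h.hlen + h.plen
    return headers


def parse_skesk(body: bytes) -> Dict[str, object]:
    """Decode a version 4 SK-ESK body that uses iterated and salted S2K (type 3)."""
    if len(body) < 13 or body[0] != 4 or body[2] != 3:
        raise ValueError("not a v4 SK-ESK with iterated+salted S2K")
    coded = body[12]
    return {
        "cipher": body[1],
        "hash": body[3],
        "salt": body[4:12].hex().upper(),
        "coded_count": coded,
        # RFC 4880 section 3.7.1.3: expand the one-octet coded count.
        "count": (16 + (coded & 15)) << ((coded >> 4) + 6),
        "has_encrypted_key": len(body) > 13,
    }


# Key sizes for the AES cipher ids of RFC 4880 (7, 8, 9).
KEY_BYTES = {7: 16, 8: 24, 9: 32}


def parse_session_key(text: str) -> Tuple[int, bytes]:
    """Split the 'ALGO:HEX' string printed by --show-session-key."""
    algo_s, sep, hexkey = text.partition(":")
    if not sep:
        raise ValueError("expected ALGO:HEXKEY")
    algo, key = int(algo_s), bytes.fromhex(hexkey)
    expected = KEY_BYTES.get(algo)
    if expected is not None and len(key) != expected:
        raise ValueError(f"cipher {algo} needs {expected} key octets, got {len(key)}")
    return algo, key


# SK-ESK rebuilt from the listing: version 4, cipher 7, s2k 3, hash 2, salt, coded count 231.
SKESK = bytes.fromhex("8c0d040703026e31d6f821c697bde7")
# Encrypted data packet header from the listing; the 54 body octets are constructed filler.
MESSAGE = SKESK + bytes([0xD2, 54]) + bytes(54)

if __name__ == "__main__":
    for h in walk_packets(MESSAGE):
        print(f"off={h.off} ctb={h.ctb:02x} tag={h.tag} hlen={h.hlen} plen={h.plen}")
    print(parse_skesk(MESSAGE[2:15]))
    print(parse_session_key("7:7BF4443B3652BD25CEC2BA641135AC58"))
```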
From erik.nellessen at informatik.hu-berlin.de Mon Apr 11 10:49:32 2016
From: erik.nellessen at informatik.hu-berlin.de (Erik Nellessen)
Date: Mon, 11 Apr 2016 08:49:32 +0000
Subject: Perform only asymmetric encryption/decryption
In-Reply-To: <87d1pwsiea.wl-neal@walfield.org>
References: <5707CE00.4070705@informatik.hu-berlin.de>
<5707ED97.3020606@andrewg.com> <570A3149.80600@informatik.hu-berlin.de>
<87d1pwsiea.wl-neal@walfield.org>
Message-ID: <570B651C.9010906@informatik.hu-berlin.de>
If I understand it correctly, --override-session-key does not allow me to set the session key before encryption. It allows me to set the session key when decrypting, so I can do it without using the private key. The option is used to reveal the content of messages without revealing the private key.
See: http://security.stackexchange.com/questions/115231/how-to-decrypt-a-message-using-only-session-key
But following this approach, I would need to be able to change the session key before encryption. So I think this does not solve the problem yet. Am I right? Any other ideas?
Kind regards,
Erik
Neal H. Walfield:
> On Sun, 10 Apr 2016 12:56:09 +0200,
> Erik Nellessen wrote:
>> No, this is not about encrypting large amounts of data with asymmetric encryption. ;) It is about encrypting and decrypting small strings, which are still way smaller than the public/private key. So I guess this could be possible using the interfaces for encrypting/decrypting a data encryption key. What is the best way in OpenPGP to encrypt/decrypt small strings using asymmetric encryption/decryption directly?
>
> You can extract the session key using --show-session-key and set the
> session key using --override-session-key
>
> $ echo | gpg2 --no-options -c | gpg2 --show-session-key -d
> gpg: session key: '7:7BF4443B3652BD25CEC2BA641135AC58'
>
> The format of the session key is algorithm id and the hex-encoded
> data.
>
> The created message has the following form:
>
> echo | gpg2 --no-options -c | gpg2 --list-packets
> # off=0 ctb=8c tag=3 hlen=2 plen=13
> :symkey enc packet: version 4, cipher 7, s2k 3, hash 2
> salt 6E31D6F821C697BD, count 24117248 (231)
> # off=15 ctb=d2 tag=18 hlen=2 plen=54 new-ctb
> :encrypted data packet:
> length: 54
> mdc_method: 2
> # off=36 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
> :compressed packet: algo=1
> # off=38 ctb=cb tag=11 hlen=2 plen=7 new-ctb
> :literal data packet:
> mode b (62), created 1460360139, name="",
> raw data: 1 bytes
>
> That is, it has an SK-ESK packet and a symmetrically encrypted packet.
> You just want the SK-ESK, which should be relatively straightforward
> to extract. Unfortunately, IIRC, if GnuPG doesn't have an encrypted
> body, it won't show the session key when --show-session-key is used.
> But, this can be changed relatively easily.
>
> A more fundamental problem is that GnuPG will warn (or perhaps error
> out?) if the provided session key is weak.
>
> Good luck!
>
> :) Neal
>
From neal at walfield.org Mon Apr 11 11:33:52 2016
From: neal at walfield.org (Neal H. Walfield)
Date: Mon, 11 Apr 2016 11:33:52 +0200
Subject: Perform only asymmetric encryption/decryption
In-Reply-To: <570B651C.9010906@informatik.hu-berlin.de>
References: <5707CE00.4070705@informatik.hu-berlin.de>
<5707ED97.3020606@andrewg.com>
<570A3149.80600@informatik.hu-berlin.de>
<87d1pwsiea.wl-neal@walfield.org>
<570B651C.9010906@informatik.hu-berlin.de>
Message-ID: <87a8l0sd4v.wl-neal@walfield.org>
On Mon, 11 Apr 2016 10:49:32 +0200,
Erik Nellessen wrote:
>
> If I understand it correctly, --override-session-key does not allow me to set the session key before encryption. It allows me to set the session key when decrypting, so I can do it without using the private key. The option is used to reveal the content of messages without revealing the private key.
>
> See: http://security.stackexchange.com/questions/115231/how-to-decrypt-a-message-using-only-session-key
>
> But following this approach, I would need to be able to change the session key before encryption. So I think this does not solve the problem yet. Am I right? Any other ideas?
You're right. If you are willing to modify GnuPG, this is easy to
change, however. (Look at seskey.c:make_session_key and have it use
the contents of opt.override_session_key rather than generate a random
key.)
:) Neal
From wk at gnupg.org Mon Apr 11 15:16:17 2016
From: wk at gnupg.org (Werner Koch)
Date: Mon, 11 Apr 2016 15:16:17 +0200
Subject: Perform only asymmetric encryption/decryption
In-Reply-To: <570A3149.80600@informatik.hu-berlin.de> (Erik Nellessen's
message of "Sun, 10 Apr 2016 10:56:09 +0000")
References: <5707CE00.4070705@informatik.hu-berlin.de>
<5707ED97.3020606@andrewg.com>
<570A3149.80600@informatik.hu-berlin.de>
Message-ID: <87fuusi8v2.fsf@wheatstone.g10code.de>
On Sun, 10 Apr 2016 12:56, erik.nellessen at informatik.hu-berlin.de said:
> No, this is not about encrypting large amounts of data with asymmetric
> encryption. ;) It is about encrypting and decrypting small strings,
> which are still way smaller than the public/private key. So I guess
You better stick to the hybrid encryption scheme unless you want to
violate implicit security assumptions. In particular we know that we
use the public key algorithm to encrypt a random string (the session
key).
In any case you are working outside of the OpenPGP spec and thus you
would be better off to have someone design you a new protocol to suit
your special purpose.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From philip.colmer at linaro.org Mon Apr 11 15:43:10 2016
From: philip.colmer at linaro.org (Philip Colmer)
Date: Mon, 11 Apr 2016 14:43:10 +0100
Subject: Using LDAP keyservers with gpg 2.1.11
In-Reply-To:
References:
<8760vtscs5.fsf@wheatstone.g10code.de>
<570684EF.2020307@sumptuouscapital.com>
<57078E3B.8070704@sumptuouscapital.com>
Message-ID:
OK ... I've done some more digging.
The command
KEYSERVER --clear
was failing because it doesn't like the embedded username and
password, i.e. it only works if the configuration just specifies
ldaps://login.linaro.org.
So, stripping the username and password out gets *that* bit of the
code to work but ultimately fails when the code tries to send the key
because it no longer has any authentication information.
How/where am I supposed to specify the username and password? I've
tried specifying:
keyserver-options binddn="uid=user1,ou=PGP Keys,dc=EXAMPLE,dc=ORG"
keyserver-options bindpw=PASSWORD
which is what https://wiki.gnupg.org/LDAPKeyserver suggests, but the
software complains they are unrecognised; I suspect that gnupg 2.1
removed those but it isn't clear if they got replaced by something
else.
Thanks.
Philip
On 8 April 2016 at 12:19, Philip Colmer wrote:
> On 8 April 2016 at 11:55, Kristian Fiskerstrand
> wrote:
>>>> is ldap listed as a schema when doing KEYSERVER --help ? you can
>>>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap
>
> Thanks for this suggestion. dirmngr wasn't listing ldap, so I've
> installed the extra bits, rebuilt and now it is.
>
> However, unfortunately, now --send-key breaks earlier than it was :(
>
> gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
> memstat trust hashing cardio ipc clock lookup extprog
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 gpg: DBG: chan_3 gpg: DBG: chan_3 gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_3 -> GETINFO version
> gpg: DBG: chan_3 gpg: DBG: chan_3 gpg: DBG: chan_3 -> KEYSERVER --clear
> ldaps://:@login.linaro.org?dc=linaro,dc=org
> gpg: DBG: chan_3
> gpg: no keyserver known
> gpg: keyserver send failed: No keyserver available
> gpg: DBG: chan_3 -> BYE
> gpg: DBG: [not enabled in the source] stop
>
> This used to be the output ...
>
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 gpg: DBG: chan_3 gpg: DBG: chan_3 gpg: DBG: chan_4 gpg: DBG: chan_4 gpg: DBG: chan_4 gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_4 -> GETINFO version
> gpg: DBG: chan_4 gpg: DBG: chan_4 gpg: DBG: chan_4 -> KEYSERVER --clear ldaps://:@login.linaro.org
> gpg: DBG: chan_4 gpg: DBG: chan_4 -> KEYSERVER
> gpg: DBG: chan_4 :@login.linaro.org
> gpg: DBG: chan_4 gpg: DBG: [not enabled in the source] keydb_new
> gpg: DBG: [not enabled in the source] keydb_search enter
>
> Regards
>
> Philip
From w at uter.be Mon Apr 11 14:13:18 2016
From: w at uter.be (Wouter Verhelst)
Date: Mon, 11 Apr 2016 14:13:18 +0200
Subject: Deleting a smart card secret key stub from the secret keyring
Message-ID: <20160411121318.GB10077@grep.be>
Hi,
I recently bought an OpenPGP smart card, and am now evaluating before
deciding whether to move my secret key to the card. To that end, I've
generated (and destroyed, by way of "gpg2 --edit-card"'s factory-reset
command) a number of keys.
However, I noticed that the factory-reset doesn't delete the secret key
stub from my secret keyring; and now I get this:
wouter at gangtai:~$ LC_ALL=C gpg2 --delete-secret-key b36c8212
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
sec rsa4096/B36C8212 2016-04-02 Wouter Verhelst (Debian)
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
gpg: deleting secret key failed: Not possible with a card based key
gpg: deleting secret subkey failed: Not possible with a card based key
gpg: deleting secret subkey failed: Not possible with a card based key
gpg: b36c8212: delete key failed: Not possible with a card based key
How do I tell GnuPG that this secret key is no longer in existence, and
that it should remove it from its list of secret keys? I've removed it
from the card, and I didn't create a backup copy (since this was only a
test key, after all).
I suppose I could just wipe out my entire secret keyring, but I'd rather
not do that, since it contains my production GPG keys...
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
From wk at gnupg.org Tue Apr 12 19:08:44 2016
From: wk at gnupg.org (Werner Koch)
Date: Tue, 12 Apr 2016 19:08:44 +0200
Subject: Deleting a smart card secret key stub from the secret keyring
In-Reply-To: <20160411121318.GB10077@grep.be> (Wouter Verhelst's message of
"Mon, 11 Apr 2016 14:13:18 +0200")
References: <20160411121318.GB10077@grep.be>
Message-ID: <87lh4ig3fn.fsf@wheatstone.g10code.de>
On Mon, 11 Apr 2016 14:13, w at uter.be said:
> How do I tell GnuPG that this secret key is no longer in existence, and
> that it should remove it from its list of secret keys? I've removed it
gpg --with-keygrip -k b36c8212
Which gives you a /Keygrip/. For a card based key gpg-agent creates a
file
~/.gnupg/private-keys-v1.d/KEYGRIP.key
to store public key parameters and the serial number of the card, so
that gpg-agent can ask you to insert the card it wants to use. Just
delete that file, however it will be re-created when you insert a card.
gpg-connect-agent 'keyinfo --list' /bye
prints a list of all keys known by gpg-agent with additional
information.
gpg-connect-agent 'help keyinfo' /bye
documents the used output format.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
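To pick out only the card stubs and leave on-disk keys alone, the output of gpg-connect-agent 'keyinfo --list' /bye can be filtered by key type. The following is an added example, not part of the original message and not GnuPG code: it assumes the line layout "S KEYINFO <keygrip> <type> <serialno> <idstr> ..." with type T for a card key and D for a key on disk, the function names are hypothetical, and the sample lines, keygrips and serial numbers are constructed.

```python
"""List the private-keys-v1.d stub files that belong to card-based keys."""
import re
from pathlib import PurePosixPath
from typing import Dict, List, Optional

# A keygrip is 40 hex digits; checking it keeps odd input out of the file path.
KEYGRIP_RE = re.compile(r"^[0-9A-Fa-f]{40}$")

# Constructed sample of `gpg-connect-agent 'keyinfo --list' /bye` output.
SAMPLE_KEYINFO = """\
S KEYINFO 1111111111111111111111111111111111111111 D - - - P -
S KEYINFO 2222222222222222222222222222222222222222 T D2760001240102000000000000010000 OPENPGP.1 - - -
S KEYINFO 3333333333333333333333333333333333333333 T D2760001240102000000000000010000 OPENPGP.2 - - -
S KEYINFO 4444444444444444444444444444444444444444 T D2760001240102000000000000020000 OPENPGP.1 - - -
OK
"""


def parse_keyinfo(text: str) -> List[Dict[str, str]]:
    """Return one record per KEYINFO status line; other lines are ignored."""
    keys = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[:2] != ["S", "KEYINFO"]:
            continue
        grip, ktype, serial, idstr = fields[2:6]
        if not KEYGRIP_RE.match(grip):
            raise ValueError(f"malformed keygrip: {grip!r}")
        keys.append({"keygrip": grip.upper(), "type": ktype,
                     "serial": serial, "idstr": idstr})
    return keys


def card_stub_files(text: str, homedir: str,
                    serial: Optional[str] = None) -> List[str]:
    """Paths of the stub files for card keys (type T), optionally for one card.

    Keys stored on disk (type D) are never returned, so the result is safe to
    review before removing stubs of a card that was reset.
    """
    base = PurePosixPath(homedir) / "private-keys-v1.d"
    return [
        str(base / f"{k['keygrip']}.key")
        for k in parse_keyinfo(text)
        if k["type"] == "T" and (serial is None or k["serial"] == serial)
    ]


if __name__ == "__main__":
    for path in card_stub_files(SAMPLE_KEYINFO, "/home/user/.gnupg",
                                serial="D2760001240102000000000000010000"):
        print(path)
```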
From w at uter.be Wed Apr 13 09:57:07 2016
From: w at uter.be (Wouter Verhelst)
Date: Wed, 13 Apr 2016 09:57:07 +0200
Subject: Deleting a smart card secret key stub from the secret keyring
In-Reply-To: <87lh4ig3fn.fsf@wheatstone.g10code.de>
References: <20160411121318.GB10077@grep.be>
<87lh4ig3fn.fsf@wheatstone.g10code.de>
Message-ID: <20160413075707.GB2722@grep.be>
On Tue, Apr 12, 2016 at 07:08:44PM +0200, Werner Koch wrote:
> On Mon, 11 Apr 2016 14:13, w at uter.be said:
>
> > How do I tell GnuPG that this secret key is no longer in existence, and
> > that it should remove it from its list of secret keys? I've removed it
>
> gpg --with-keygrip -k b36c8212
>
> Which gives you a /Keygrip/. For a card based key gpg-agent creates a
> file
>
> ~/.gnupg/private-keys-v1.d/KEYGRIP.key
>
> to store public key parameters and the serial number of the card, so
> that gpg-agent can ask you to insert the card it wants to use. Just
> delete that file,
Thanks, that worked.
> however it will be re-created when you insert a card.
Presumably, when I insert the card with the same key?
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
From thecissou98 at hotmail.fr Thu Apr 14 22:41:45 2016
From: thecissou98 at hotmail.fr (Francis Le Roy)
Date: Thu, 14 Apr 2016 22:41:45 +0200
Subject: Problem with decrypt
Message-ID:
Hi,
I'm trying to decrypt a cipher using gpgme. I have a correct cipher and
have imported the private key but the plain result of gpgme_op_decrypt
is empty. The error returned is GPG_ERR_NO_ERROR...
Thanks.
F.
Please CC me, I haven't subscribed to the mailing list.
From wk at gnupg.org Fri Apr 15 17:42:37 2016
From: wk at gnupg.org (Werner Koch)
Date: Fri, 15 Apr 2016 17:42:37 +0200
Subject: [Announce] Libgcrypt 1.7.0 released
Message-ID: <87vb3iyj2q.fsf@wheatstone.g10code.de>
Hello!
The GnuPG Project is pleased to announce the availability of Libgcrypt
version 1.7.0. This is a new stable version of Libgcrypt with full API
and ABI compatibility to the 1.6 series. Its main features are new
algorithms, curves, and performance improvements.
Libgcrypt is a general purpose library of cryptographic building blocks.
It is originally based on code used by GnuPG. It does not provide any
implementation of OpenPGP or other protocols. Thorough understanding of
applied cryptography is required to use Libgcrypt.
Noteworthy changes between version 1.6.0 and 1.7.0:
===================================================
* New algorithms and modes:
- SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
- SHAKE128 and SHAKE256 extendable-output hash algorithms.
- ChaCha20 stream cipher.
- Poly1305 message authentication algorithm
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
mode.
- OCB mode.
- HMAC-MD2 for use by legacy applications.
* New curves for ECC:
- Curve25519.
- sec256k1.
- GOST R 34.10-2001 and GOST R 34.10-2012.
* Performance:
- Improved performance of KDF functions.
- Assembler optimized implementations of Blowfish and Serpent on
ARM.
- Assembler optimized implementation of 3DES on x86.
- Improved AES using the SSSE3 based vector permutation method by
Mike Hamburg.
- AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
about 20% faster than SSSE3 and more than 100% faster than the
generic C implementation.
- 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
- 60-90% speedup for Whirlpool on x86.
- 300% speedup for RIPE MD-160.
- Up to 11 times speedup for CRC functions on x86.
* Other features:
- Improved ECDSA and FIPS 186-4 compliance.
- Support for Montgomery curves.
- gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
algorithm.
- gcry_mpi_ec_sub to subtract two points on a curve.
- gcry_mpi_ec_decode_point to decode an MPI into a point object.
- Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
- Flag "pkcs1-raw" to enable PKCS#1 padding with a user supplied
hash part.
- Parameter "saltlen" to set a non-default salt length for RSA PSS.
- A SP800-90A conforming DRNG replaces the former X9.31 alternative
random number generator.
- Map deprecated RSA algo number to the RSA algo number for better
backward compatibility. [from 1.6.2]
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
[from 1.6.3]
- Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]. [from 1.6.3]
- Flag "no-keytest" for ECC key generation. Due to a bug in
the parser that flag will also be accepted but ignored by older
version of Libgcrypt. [from 1.6.4]
- Speed up the random number generator by requiring less extra
seeding. [from 1.6.4]
- Always verify a created RSA signature to avoid private key leaks
due to hardware failures. [from 1.6.4]
- Mitigate side-channel attack on ECDH with Weierstrass curves
[CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
details. [from 1.6.5]
* Internal changes:
- Moved locking out to libgpg-error.
- Support of the SYSROOT envvar in the build system.
- Refactor some code.
- The availability of a 64 bit integer type is now mandatory.
* Bug fixes:
- Fixed message digest lookup by OID (regression in 1.6.0).
- Fixed a build problem on NetBSD
- Fixed memory leaks in ECC code.
- Fixed some asm build problems and feature detection bugs.
For interface changes relative to the 1.6.0 release see below [4]. Note
that the 1.6 series will enter end-of-life state on 2017-06-30.
Download
========
Source code is hosted at the GnuPG FTP server and its mirrors as listed
at https://gnupg.org/download/mirrors.html . On the primary server
the source tarball and its digital signature are:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.bz2 (2477k)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.bz2.sig
That file is bzip2 compressed. A gzip compressed version is here:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.gz (3309k)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.gz.sig
The same files are also available via HTTP:
https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.bz2
https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.bz2.sig
https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.gz
https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.0.tar.gz.sig
In order to check that the version of Libgcrypt you downloaded is an
original and unmodified file please follow the instructions found at
. In short, you may
use one of the following methods:
- Check the supplied OpenPGP signature. For example to check the
signature of the file libgcrypt-1.7.0.tar.bz2 you would use this
command:
gpg --verify libgcrypt-1.7.0.tar.bz2.sig libgcrypt-1.7.0.tar.bz2
This checks whether the signature file matches the source file. You
should see a message indicating that the signature is good and made
by one or more of the release signing keys.
- If you are not able to use GnuPG, you have to verify the SHA-1
checksum:
sha1sum libgcrypt-1.7.0.tar.bz2
and check that the output matches the first line from the
following list:
f840b737faafded451a084ae143285ad68bbfb01 libgcrypt-1.7.0.tar.bz2
b6b6cfea349ca18a658a18a6365f5e2ca78fe1cc libgcrypt-1.7.0.tar.gz
You should also verify that the checksums above are authentic by
matching them with copies of this announcement. Those copies can be
found at other mailing lists, web sites, and search engines.
Copying
=======
Libgcrypt is distributed under the terms of the GNU Lesser General
Public License (LGPLv2.1+). The helper programs as well as the
documentation are distributed under the terms of the GNU General Public
License (GPLv2+). The file LICENSES has notices about contributions
that require that these additional notices are distributed.
Support
=======
For help on developing with Libgcrypt you should read the included
manual and optionally ask on the gcrypt-devel mailing list [1]. A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].
If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gcrypt-devel mailing
list for discussion.
Maintenance and development of Libgcrypt is mostly financed by
donations; see . We currently employ
3 full-time developers, one part-timer, and one contractor to work on
GnuPG and closely related software like Libgcrypt.
Thanks
======
We like to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists. Also many thanks to all our donors [3]. Special thanks go to
Jussi Kivilinna for all of his performance improvement work.
For the GnuPG hackers,
Werner
p.s.
This is an announcement only mailing list. Please send replies only to
the gcrypt-devel 'at' gnupg.org mailing list.
[1] https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[2] https://www.gnupg.org/service.html
[3] https://gnupg.org/donate/kudos.html
[4] Interface changes relative to the 1.6.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_cipher_final NEW macro.
GCRY_CIPHER_MODE_CFB8 NEW constant.
GCRY_CIPHER_MODE_OCB NEW.
GCRY_CIPHER_MODE_POLY1305 NEW.
gcry_cipher_set_sbox NEW macro.
gcry_mac_get_algo NEW.
GCRY_MAC_HMAC_MD2 NEW.
GCRY_MAC_HMAC_SHA3_224 NEW.
GCRY_MAC_HMAC_SHA3_256 NEW.
GCRY_MAC_HMAC_SHA3_384 NEW.
GCRY_MAC_HMAC_SHA3_512 NEW.
GCRY_MAC_POLY1305 NEW.
GCRY_MAC_POLY1305_AES NEW.
GCRY_MAC_POLY1305_CAMELLIA NEW.
GCRY_MAC_POLY1305_SEED NEW.
GCRY_MAC_POLY1305_SERPENT NEW.
GCRY_MAC_POLY1305_TWOFISH NEW.
gcry_md_extract NEW.
GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
GCRY_MD_GOSTR3411_CP NEW.
GCRY_MD_SHA3_224 NEW.
GCRY_MD_SHA3_256 NEW.
GCRY_MD_SHA3_384 NEW.
GCRY_MD_SHA3_512 NEW.
GCRY_MD_SHAKE128 NEW.
GCRY_MD_SHAKE256 NEW.
gcry_mpi_ec_decode_point NEW.
gcry_mpi_ec_sub NEW.
GCRY_PK_EDDSA NEW constant.
GCRYCTL_GET_TAGLEN NEW.
GCRYCTL_SET_SBOX NEW.
GCRYCTL_SET_TAGLEN NEW.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
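The Download section of the announcement above asks the reader to confirm that the signature is good and made by a release signing key. The following is an added example, not part of the announcement or of GnuPG, that automates that reading from gpg's `--status-fd` output; the function name, the fingerprint placeholder and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from gpg's --status-fd output whether a signature
# is valid AND was made by a key you already trust for releases.
#
# Typical call, with the file names from the announcement and a fingerprint
# you obtained out of band (placeholder below):
#   gpg --status-fd 1 --verify libgcrypt-1.7.0.tar.bz2.sig \
#       libgcrypt-1.7.0.tar.bz2 2>/dev/null |
#     signed_by_trusted_key "<RELEASE-KEY-FINGERPRINT>"

# signed_by_trusted_key FINGERPRINT...
# Reads "[GNUPG:] ..." status lines on stdin. Returns 0 only if a VALIDSIG
# line names one of the given fingerprints (as signing key, first argument,
# or as primary key, last argument) and no signature was reported as bad,
# expired, revoked or uncheckable. Returns 2 when called without fingerprints.
signed_by_trusted_key() (
    set -f                                  # no globbing on split fields
    [ "$#" -gt 0 ] || exit 2
    # Accept fingerprints written with spaces and in either case.
    trusted=$(printf '%s\n' "$@" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    status=1
    while read -r prefix keyword rest || [ -n "$prefix" ]; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case $keyword in
            # VALIDSIG is also emitted next to EXPSIG/EXPKEYSIG/REVKEYSIG,
            # so those must be rejected explicitly. ERRSIG (for example a
            # missing public key) is treated as a failure too: fail closed.
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                exit 1 ;;
            VALIDSIG)
                set -- $rest
                signer=$1
                for primary in "$@"; do :; done   # keeps the last field
                for fpr in $trusted; do
                    if [ "$fpr" = "$signer" ] || [ "$fpr" = "$primary" ]; then
                        status=0
                    fi
                done ;;
        esac
    done
    exit "$status"
)

# Constructed sample of status output (key ID and fingerprints are made up).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key (constructed)
[GNUPG:] VALIDSIG 00112233445566778899AABBCCDDEEFF00112233 2016-04-15 1460710000 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
```

A "Good signature" message alone only says that some key in the keyring made the signature; comparing the VALIDSIG fingerprint against one obtained out of band is what ties it to the release key.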
From wk at gnupg.org Fri Apr 15 19:03:29 2016
From: wk at gnupg.org (Werner Koch)
Date: Fri, 15 Apr 2016 19:03:29 +0200
Subject: Problem with decrypt
In-Reply-To: (Francis Le
Roy's message of "Thu, 14 Apr 2016 22:41:45 +0200")
References:
Message-ID: <87d1pqyfby.fsf@wheatstone.g10code.de>
On Thu, 14 Apr 2016 22:41, thecissou98 at hotmail.fr said:
> I'm trying to decrypt a cipher using gpgme. I have a correct cipher and
> have imported the private key but the plain result of gpgme_op_decrypt
> is empty. The error returned is GPG_ERR_NO_ERROR...
Which means success. In general you test for an error this way:
  err = gpgme_foo (&data);
  if (err)
Of course you could also do
  if (err != 0)
    report_error_foo (gpg_strerror (err));
  else
    process_returned_data (data);
which is identical to the above or
  if (err != GPG_ERR_NO_ERROR)
    report_error_foo (gpg_strerror (err));
  else
    process_returned_data (data);
which is also identical because GPG_ERR_NO_ERROR expands to 0. I would
prefer the first because it is easier to read.
If you need more help, I suggest to post a snippet of your code.
Salam-Shalom,
Werner
ps.
And yes, some put the constant first like
  if (0 == err)
to detect an unintentional assignment to the lvalue. However, modern
compilers are pretty good in warning about unintentional assignments and
thus _I_ do not use that. Comparing false or true is anyway better done
without an explicit compare operator - that pattern is easier to parse
for the brain.
--
Thoughts are free. Exceptions are regulated by a federal law.
From thecissou98 at hotmail.fr Sat Apr 16 10:37:13 2016
From: thecissou98 at hotmail.fr (Francis Le Roy)
Date: Sat, 16 Apr 2016 10:37:13 +0200
Subject: Problem with decrypt
In-Reply-To: <87d1pqyfby.fsf@wheatstone.g10code.de>
References:
<87d1pqyfby.fsf@wheatstone.g10code.de>
Message-ID:
Hi,
I am using the if (err) way to check if there is an error, as GPG_ERR_NO_ERR is 0. But actually the gpgme_op_decrypt operation is successful. However, when I do something like: int len = gpgme_data_seek(plaintextdata, 0, SEEK_END); len is equal to zero.
So I assume that the data haven't been decrypted or written to the buffer.
Thanks.
F.
On 15 Apr 2016, at 19:05, Werner Koch wrote:
>On Thu, 14 Apr 2016 22:41, thecissou98 at hotmail.fr said:
>
>> I'm trying to decrypt a cipher using gpgme. I have a correct cipher and
>> have imported the private key but the plain result of gpgme_op_decrypt
>> is empty. The error returned is GPG_ERR_NO_ERROR...
>
>Which means success. In general you test for an error this way:
>
> err = gpgme_foo (&data);
> if (err)
>
>Of course you could also do
>
> if (err != 0)
> report_error_foo (gpg_strerror (err));
> else
> process_returned_data (data);
>
>which is identical to the above or
>
> if (err != GPG_ERR_NO_ERROR)
> report_error_foo (gpg_strerror (err));
> else
> process_returned_data (data);
>
>which is also identical because GPG_ERR_NO_ERROR expands to 0. I would
>prefer the first because it is easier to read.
>
>If you need more help, I suggest to post a snippet of your code.
>
>
>Salam-Shalom,
>
> Werner
>
>
>ps.
>And yes, some put the constant first like
> if (0 == err)
>to detect an unintentional assignment to the lvalue. However, modern
>compilers are pretty good in warning about unintentional assignments and
>thus _I_ do not use that. Comparing false or true is anyway better done
>without an explicit compare operator - that pattern is easier to parse
>for the brain.
>
>--
>Thoughts are free. Exceptions are regulated by a federal law.
From brett at jemstep.com Tue Apr 19 09:42:54 2016
From: brett at jemstep.com (Brett Cave)
Date: Tue, 19 Apr 2016 09:42:54 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
Message-ID:
Hi all, I'm wondering if anyone uses gpg piping data to it (on a *nix
system) while also providing a passphrase-fd? Might be more of a bash /
shell question than GPG itself...
Example: I want to create an encrypted archive. I don't want to write the
passphrase to the local fs and don't want it to be visible in the process
list.
To create an archive, and then encrypt it using a variable in 2 steps:
  tar zcf dir.tgz dir
  echo $PASSPHRASE | gpg -c --passphrase-fd 0 -o dir.tgz.gpg dir.tgz
This way, the passphrase is never written to the fs and does not show up in
the process list - it is only in-memory.
Is it possible to do this in a single step using a different FD somehow? I
can do it with a redirect from a file....
  tar zcf - /path/to/stuff | gpg -c --passphrase-fd 0 -o dir.tgz.gpg 1<> passphrase-file
But how can it be done from a variable?
  tar zcf - /path/to/stuff | gpg -c --passphrase-fd 0 -o dir.tgz.gpg 1<>$(echo $passphrase-var)
The last command doesn't work, but sort of indicates what I'm trying to do.
(I've read the previous threads discussing "why even bother encrypting if
you don't trust the system" and other "why" questions. There may be flaws
in this approach too, this is purely for "because I want to know how to do
it this way" sort of question).
Thanks,
Brett
From peter at digitalbrains.com Tue Apr 19 11:59:44 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 19 Apr 2016 11:59:44 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To:
References:
Message-ID: <57160190.3020900@digitalbrains.com>
On 19/04/16 09:42, Brett Cave wrote:
> Hi all, I'm wondering if anyone uses gpg piping data to it (on a *nix
> To create an archive, and then encrypt it using a variable in 2 steps:
> tar zxf dir.tgz dir
> echo $PASSPHRASE | gpg -c --passphrase-fd 0 -o dir.tgz.gpg dir.tgz
>
> This way, the passphrase is never written to the fs and does not show up
> in the process list - it is only in-memory.
That doesn't seem to be the case, though. $PASSPHRASE is expanded and
fed as an argument to echo. For instance:
$ ARGS=f
$ ps $ARGS
[...]
26958 pts/1 Ss 0:01 /bin/bash
27915 pts/1 R+ 0:00 \_ ps f
[...]
In addition, there's a good chance your environment variable ends up in
your swap space.
> But how can it be done from a variable?
I'm certainly not suggesting you use this method, but out of an
academical interest, I got it to work with:
  $ tar zcf - . | gpg -c --passphrase-fd 3 -o dir.tgz.gpg 3<
> [...] this is purely for "because I want to know
> how to do it this way" sort of question).
Which was my motivation exactly :).
Oh, by the way, your plaintext was already on disk. The only reason to
worry about the passphrase being on disk is that you might reuse the
passphrase, right?
Asymmetric crypto would nicely avoid the issue by never needing the
secret part to encrypt data in the first place.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
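The fd 3 approach from the message above, written with plain POSIX redirections instead of bash process substitution so that it also works in dash; this is an added example, not code from the thread. The helper names, the `GPG` override variable and the stand-in consumer are assumptions made for illustration, and the gpg options assume GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example: hand a passphrase to a program on fd 3 while its stdin
# carries the data to encrypt, using only POSIX redirections.

# with_secret_on_fd3 SECRET CMD [ARG...]
# Runs CMD with the caller's stdin untouched and SECRET (plus a newline)
# readable on file descriptor 3. Returns CMD's exit status.
with_secret_on_fd3() (
    secret=$1
    shift
    {
        # fd 4 is a copy of the caller's stdin (the data stream).
        # printf is a builtin in bash and dash, so the secret is written by
        # the shell itself and never becomes an argument of an exec'd program.
        printf '%s\n' "$secret" 4<&- |
            { "$@" <&4 4<&-; } 3<&0   # fd 3 := printf's pipe, then stdin := data
    } 4<&0
)

# encrypt_stdin OUTFILE
# Symmetrically encrypts stdin to OUTFILE with the passphrase in $PASSPHRASE.
# Keep PASSPHRASE unexported so it is not copied into child environments.
# Assumption: GnuPG 2.1+, where --passphrase-fd is honoured only together
# with --batch and --pinentry-mode loopback. GPG is a hypothetical override
# used for testing with a stand-in program.
encrypt_stdin() {
    with_secret_on_fd3 "$PASSPHRASE" \
        "${GPG:-gpg}" --batch --pinentry-mode loopback --passphrase-fd 3 \
        --symmetric --output "$1"
}
# Usage, matching the question in the thread:
#   tar zcf - /path/to/stuff | encrypt_stdin dir.tgz.gpg

# fd3_selftest: constructed check with a stand-in for gpg that reports what
# arrived on fd 3 and on stdin.
fd3_selftest() {
    printf 'archive-bytes' |
        with_secret_on_fd3 'constructed-passphrase' \
            sh -c 'IFS= read -r p <&3; printf "fd3=%s stdin=%s" "$p" "$(cat)"'
}
```

Whether a here-document on fd 3 stays off disk depends on the shell, since some shells back here-documents with temporary files; the pipe used here does not touch the file system.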
From dashohoxha at gmail.com Tue Apr 19 14:12:19 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 19 Apr 2016 14:12:19 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To: <57160190.3020900@digitalbrains.com>
References:
<57160190.3020900@digitalbrains.com>
Message-ID:
I have written a small password utility, where passwords are stored on an
encrypted archive.
I use something like this:
- https://github.com/dashohoxha/pw/blob/master/src/pw.sh#L26-L27
I think that all these three ways are the same (security-wise), isn't it?
The second way (described by Peter) is just more complex and more difficult
to understand, but not safer.
Am I right?
Dashamir
On Tue, Apr 19, 2016 at 11:59 AM, Peter Lebbing
wrote:
> On 19/04/16 09:42, Brett Cave wrote:
> > Hi all, I'm wondering if anyone uses gpg piping data to it (on a *nix
> > To create an archive, and then encrypt it using a variable in 2 steps:
> > tar zxf dir.tgz dir
> > echo $PASSPHRASE | gpg -c --passphrase-fd 0 -o dir.tgz.gpg dir.tgz
> >
> > This way, the passphrase is never written to the fs and does not show up
> > in the process list - it is only in-memory.
>
> That doesn't seem to be the case, though. $PASSPHRASE is expanded and
> fed as an argument to echo. For instance:
>
> $ ARGS=f
> $ ps $ARGS
> [...]
> 26958 pts/1 Ss 0:01 /bin/bash
> 27915 pts/1 R+ 0:00 \_ ps f
> [...]
>
> In addition, there's a good chance your environment variable ends up in
> your swap space.
>
> > But how can it be done from a variable?
>
> I'm certainly not suggesting you use this method, but out of an
> academical interest, I got it to work with:
>
> $ tar zcf - . | gpg -c --passphrase-fd 3 -o dir.tgz.gpg 3<
> I'm redirecting twice. First, I redirect "echo test" to an FD or FIFO of
> Bash's choosing. Then I connect that to fd 3, so I can name fd 3 as the
> passphrase-fd. form /dev/fd/X or of some named FIFO created by bash, if I understand
> the Bash manual correctly. The space between the two less-than's is
> necessary.
>
> > [...] this is purely for "because I want to know
> > how to do it this way" sort of question).
>
> Which was my motivation exactly :).
>
> Oh, by the way, your plaintext was already on disk. The only reason to
> worry about the passphrase being on disk is that you might reuse the
> passphrase, right?
>
> Asymmetric crypto would nicely avoid the issue by never needing the
> secret part to encrypt data in the first place.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at
>
From peter at digitalbrains.com Tue Apr 19 17:20:33 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Tue, 19 Apr 2016 17:20:33 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To:
References:
<57160190.3020900@digitalbrains.com>
Message-ID: <57164CC1.8030705@digitalbrains.com>
On 19/04/16 14:12, Dashamir Hoxha wrote:
> The second way (described by Peter) is just more complex and more
> difficult to understand, but not safer. Am I right?
It's not safer. Regarding the complexity, however, the data to encrypt
is already on fd 0, so you would need to move either the data or the
passphrase to another fd, I think. The example from your code on GitHub
doesn't get data piped to it, so it doesn't need multiple fd's, which is
the point where it gets more complicated.
Depending on how --passphrase-file is implemented, it might be possible
to use --passphrase-file
From dougb at dougbarton.email Tue Apr 19 21:18:35 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Tue, 19 Apr 2016 12:18:35 -0700
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To:
References:
<57160190.3020900@digitalbrains.com>
Message-ID: <5716848B.6020701@dougbarton.email>
On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:
> I have written a small password utility, where passwords are stored on
> an encrypted archive.
This is a bad idea. You should instead use one of the well-established
solutions created and peer-reviewed by knowledgeable folks. Personally
I'm a big fan of KeePass.
Doug
From dashohoxha at gmail.com Tue Apr 19 21:34:42 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Tue, 19 Apr 2016 21:34:42 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To: <5716848B.6020701@dougbarton.email>
References:
<57160190.3020900@digitalbrains.com>
<5716848B.6020701@dougbarton.email>
Message-ID:
On Tue, Apr 19, 2016 at 9:18 PM, Doug Barton wrote:
> On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:
>
>> I have written a small password utility, where passwords are stored on
>> an encrypted archive.
>>
>
> This is a bad idea. You should instead use one of the well-established
> solutions created and peer-reviewed by knowledgeable folks. Personally I'm
> a big fan of KeePass.
Would you like to peer-review it?
(If you consider yourself knowledgeable.)
Dashamir
From brett at jemstep.com Tue Apr 19 12:33:42 2016
From: brett at jemstep.com (Brett Cave)
Date: Tue, 19 Apr 2016 12:33:42 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To: <57160190.3020900@digitalbrains.com>
References:
<57160190.3020900@digitalbrains.com>
Message-ID:
On Tue, Apr 19, 2016 at 11:59 AM, Peter Lebbing
wrote:
> On 19/04/16 09:42, Brett Cave wrote:
> > Hi all, I'm wondering if anyone uses gpg piping data to it (on a *nix
> > To create an archive, and then encrypt it using a variable in 2 steps:
> > tar zxf dir.tgz dir
> > echo $PASSPHRASE | gpg -c --passphrase-fd 0 -o dir.tgz.gpg dir.tgz
> >
> > This way, the passphrase is never written to the fs and does not show up
> > in the process list - it is only in-memory.
>
> That doesn't seem to be the case, though. $PASSPHRASE is expanded and
> fed as an argument to echo. For instance:
>
Yes, it is for the duration of the echo command, but not for the duration
of the gpg run:
$ tar zcf - somebigdir | gpg -c --passphrase-fd 0 -o test.tgz.gpg 1<
> $ ARGS=f
> $ ps $ARGS
> [...]
> 26958 pts/1 Ss 0:01 /bin/bash
> 27915 pts/1 R+ 0:00 \_ ps f
> [...]
>
> In addition, there's a good chance your environment variable ends up in
> your swap space.
>
1 of the flaws of this approach, unless of course kernel swappiness is
adjusted.
>
> > But how can it be done from a variable?
>
> I'm certainly not suggesting you use this method, but out of an
> academical interest, I got it to work with:
>
> $ tar zcf - . | gpg -c --passphrase-fd 3 -o dir.tgz.gpg 3<
ah - I was trying `3< $(echo test)` - needed the double redirect. Thanks!
>
> I'm redirecting twice. First, I redirect "echo test" to an FD or FIFO of
> Bash's choosing. Then I connect that to fd 3, so I can name fd 3 as the
> passphrase-fd. form /dev/fd/X or of some named FIFO created by bash, if I understand
> the Bash manual correctly. The space between the two less-than's is
> necessary.
>
> > [...] this is purely for "because I want to know
> > how to do it this way" sort of question).
>
> Which was my motivation exactly :).
>
> Oh, by the way, your plaintext was already on disk. The only reason to
> worry about the passphrase being on disk is that you might reuse the
> passphrase, right?
>
If the plaintext is never persisted and the passphrase isn't either /
available from the process list... For the sake of simplicity / example, I
hypothetically referred to a source directory with tar.
For practical purposes, this approach could be used with remote service
data, where the plaintext and plain key is never written to disk (e.g. http
client that invokes a remote call to dump config data, a mysqldump from a
remote server, etc). As far as symmetric encryption goes, not having
plaintext or plainkey ever persisted or viewable is a little more secure (a
compromise would require memory access or network packet sniffing if
remote), although understandably still flawed.
>
> Asymmetric crypto would nicely avoid the issue by never needing the
> secret part to encrypt data in the first place.
>
> HTH,
>
Thanks, helped plenty :)
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at
>
From dougb at dougbarton.email Wed Apr 20 03:27:01 2016
From: dougb at dougbarton.email (Doug Barton)
Date: Tue, 19 Apr 2016 18:27:01 -0700
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To:
References:
<57160190.3020900@digitalbrains.com>
<5716848B.6020701@dougbarton.email>
Message-ID: <5716DAE5.7050805@dougbarton.email>
On 04/19/2016 12:34 PM, Dashamir Hoxha wrote:
> On Tue, Apr 19, 2016 at 9:18 PM, Doug Barton > wrote:
>
> On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:
>
> I have written a small password utility, where passwords are
> stored on
> an encrypted archive.
>
>
> This is a bad idea. You should instead use one of the
> well-established solutions created and peer-reviewed by
> knowledgeable folks. Personally I'm a big fan of KeePass.
>
>
> Would you like to peer-review it?
Of course not. I already said that it's a bad idea. I can't be any
clearer than that.
Doug
From dashohoxha at gmail.com Wed Apr 20 07:39:01 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Wed, 20 Apr 2016 07:39:01 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To: <5716DAE5.7050805@dougbarton.email>
References:
<57160190.3020900@digitalbrains.com>
<5716848B.6020701@dougbarton.email>
<5716DAE5.7050805@dougbarton.email>
Message-ID:
On Wed, Apr 20, 2016 at 3:27 AM, Doug Barton wrote:
> On 04/19/2016 12:34 PM, Dashamir Hoxha wrote:
>
>> On Tue, Apr 19, 2016 at 9:18 PM, Doug Barton > > wrote:
>>
>> On 04/19/2016 05:12 AM, Dashamir Hoxha wrote:
>>
>> I have written a small password utility, where passwords are
>> stored on
>> an encrypted archive.
>>
>>
>> This is a bad idea. You should instead use one of the
>> well-established solutions created and peer-reviewed by
>> knowledgeable folks. Personally I'm a big fan of KeePass.
>>
>>
>> Would you like to peer-review it?
>>
>
> Of course not. I already said that it's a bad idea. I can't be any clearer
> than that.
I thought you could point out what is wrong with it, hopefully something
that can be fixed. But that's OK.
I have tried KeePassX, there is nothing wrong with it. But I still prefer
my own tool.
By the way, it is a fork of the well known `pass` tool, so it didn't just
come out of thin air.
Dashamir
From rjh at sixdemonbag.org Wed Apr 20 08:09:48 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 20 Apr 2016 02:09:48 -0400
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To:
References:
<57160190.3020900@digitalbrains.com>
<5716848B.6020701@dougbarton.email>
<5716DAE5.7050805@dougbarton.email>
Message-ID: <2fd82aa8-82c6-7a7f-30d7-870198baf074@sixdemonbag.org>
> I thought you could point out what is wrong with it, hopefully
> something that can be fixed. But that's OK.
You're asking people to sign on for a literally never-ending process.
(Peer review never ends, after all. Ask the OpenBSD guys.) There's
nothing wrong with that. You should always feel free to ask other
people to help. But in order to get the best-qualified people on board,
your project should offer something new: a new capability, a new
security guarantee, a new resistance to attacks, a new *something*.
Because without some new improvement, what motivation is there for
anyone to switch?
It's good to scratch your own itch. If you want to use this tool you've
built, more power to you. But other people probably won't unless you
can give them specific reasons to care.
From dashohoxha at gmail.com Wed Apr 20 09:10:27 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Wed, 20 Apr 2016 09:10:27 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To: <2fd82aa8-82c6-7a7f-30d7-870198baf074@sixdemonbag.org>
References:
<57160190.3020900@digitalbrains.com>
<5716848B.6020701@dougbarton.email>
<5716DAE5.7050805@dougbarton.email>
<2fd82aa8-82c6-7a7f-30d7-870198baf074@sixdemonbag.org>
Message-ID:
On Wed, Apr 20, 2016 at 8:09 AM, Robert J. Hansen
wrote:
> > I thought you could point out what is wrong with it, hopefully
> > something that can be fixed. But that's OK.
>
> You're asking people to sign on for a literally never-ending process.
> (Peer review never ends, after all. Ask the OpenBSD guys.) There's
> nothing wrong with that. You should always feel free to ask other
> people to help. But in order to get the best-qualified people on board,
> your project should offer something new: a new capability, a new
> security guarantee, a new resistance to attacks, a new *something*.
> Because without some new improvement, what motivation is there for
> anyone to switch?
>
> It's good to scratch your own itch. If you want to use this tool you've
> built, more power to you. But other people probably won't unless you
> can give them specific reasons to care.
You are right. I don't think that it can satisfy the requirements of
everybody because they are sometimes conflicting. But I use it because it is
simpler and easier, command-line based, and scriptable. And I also believe
that it is not less secure than the other solutions.
Anyway, myself I don't have high security requirements, and, except for
trying to use good practices, I am not a security expert. So, I cannot
guarantee for everybody.
From peter at digitalbrains.com Wed Apr 20 11:21:35 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Wed, 20 Apr 2016 11:21:35 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To:
References:
<57160190.3020900@digitalbrains.com>
<5716848B.6020701@dougbarton.email>
<5716DAE5.7050805@dougbarton.email>
<2fd82aa8-82c6-7a7f-30d7-870198baf074@sixdemonbag.org>
Message-ID: <57174A1F.8000206@digitalbrains.com>
On 20/04/16 09:10, Dashamir Hoxha wrote:
> And I also believe that it is not less secure than the other solutions.
You mean like Phil Zimmerman believed BassOmatic was secure?
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From dashohoxha at gmail.com Wed Apr 20 12:36:41 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Wed, 20 Apr 2016 12:36:41 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To: <57174A1F.8000206@digitalbrains.com>
References:
<57160190.3020900@digitalbrains.com>
<5716848B.6020701@dougbarton.email>
<5716DAE5.7050805@dougbarton.email>
<2fd82aa8-82c6-7a7f-30d7-870198baf074@sixdemonbag.org>
<57174A1F.8000206@digitalbrains.com>
Message-ID:
On Wed, Apr 20, 2016 at 11:21 AM, Peter Lebbing
wrote:
> On 20/04/16 09:10, Dashamir Hoxha wrote:
> > And I also believe that it is not less secure than the other solutions.
>
> You mean like Phil Zimmerman believed BassOmatic was secure?
>
Thanks for comparing me to Phil Zimmerman. I am taking this as a
compliment :)
What I mean is that the security of `pw` depends on `gpg`
encryption/decryption.
It can use both symmetric and asymmetric encryption, depending on how you
want to use it.
I also try to be careful on the script about not leaking the passphrase
somehow. This is for the case of symmetric encryption. For the asymmetric
encryption the passphrase is handled by the pinentry, so it is as safe as
`gpg` itself.
I don't think that the encryption used by KeePass (and other tools like it)
is stronger or safer than the encryption of `gpg`.
If there are any problems, most probably they are on my script, and I
believe that they can be fixed.
From dashohoxha at gmail.com Wed Apr 20 12:44:10 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Wed, 20 Apr 2016 12:44:10 +0200
Subject: Using a passphrase FD from variable and piped data for encryption
In-Reply-To: <571751D5.1020601@digitalbrains.com>
References:
<57160190.3020900@digitalbrains.com>
<5716848B.6020701@dougbarton.email>
<5716DAE5.7050805@dougbarton.email>
<2fd82aa8-82c6-7a7f-30d7-870198baf074@sixdemonbag.org>
<57174A1F.8000206@digitalbrains.com>
<571751D5.1020601@digitalbrains.com>
Message-ID:
On Wed, Apr 20, 2016 at 11:54 AM, Peter Lebbing
wrote:
> PS: Quick note: that the security depends on GnuPG does not mean that it
> inherits the security of GnuPG.
You are right. After decrypting the archive, it is the responsibility of
the script to handle it safely, before encrypting it again.
Cheers,
Dashamir
From philip.colmer at linaro.org Wed Apr 20 17:44:58 2016
From: philip.colmer at linaro.org (Philip Colmer)
Date: Wed, 20 Apr 2016 16:44:58 +0100
Subject: How to specify LDAP authentication details with dirmngr/GnuPG 2.1?
Message-ID:
I'm trying to use GnuPG 2.1 and using an LDAP server as the keyserver.
From what I can tell, the keyserver configuration has moved from gpg
to dirmngr but I am really struggling to figure out how I should be
configuring GnuPG/dirmngr so that it knows how to authenticate with
the LDAP server.
I'm editing the dirmngr.conf file but I cannot come up with a
combination of settings that not only specifies the LDAP server as the
keyserver (that's the easy bit) but also specifies the username and
password to use with it.
I've tried separating with colons, I've tried using something like:
ldap://:password at server
I've tried:
keyserver ldap://server binddn="username" bindpw=password
Does anyone know the correct way to specify a username and password
for use with an LDAP keyserver, please?
Thanks.
Philip
From rjh at sixdemonbag.org Thu Apr 21 01:45:34 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 20 Apr 2016 19:45:34 -0400
Subject: gpgme-sharp API missing
Message-ID: <5718149E.4090703@sixdemonbag.org>
On https://wiki.gnupg.org/APIs , gpgme-sharp is listed as being in alpha
status for .NET. Unfortunately, the link is dead and there's no sign of
where it's moved to. For a while it was hosted on GitHub, but
apparently no more.
If anyone has a copy of the gpgme-sharp source code I'd be happy to host
it on my own GitHub account. But either way, the link on the wiki needs
to be either updated or removed.
From wk at gnupg.org Thu Apr 21 14:43:44 2016
From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Apr 2016 14:43:44 +0200
Subject: gpgme-sharp API missing
In-Reply-To: <5718149E.4090703@sixdemonbag.org> (Robert J. Hansen's message of
"Wed, 20 Apr 2016 19:45:34 -0400")
References: <5718149E.4090703@sixdemonbag.org>
Message-ID: <874mavb08v.fsf@wheatstone.g10code.de>
On Thu, 21 Apr 2016 01:45, rjh at sixdemonbag.org said:
> If anyone has a copy of the gpgme-sharp source code I'd be happy to host
> it on my own GitHub account. But either way, the link on the wiki needs
> to be either updated or removed.
Do you know whether this is a working implementation and whether it is
stand-alone API or a binding for GPGME? In the latter case it should go
into GPGME proper.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
From wk at gnupg.org Thu Apr 21 15:06:10 2016
From: wk at gnupg.org (Werner Koch)
Date: Thu, 21 Apr 2016 15:06:10 +0200
Subject: Financial Results for 2015
Message-ID: <87vb3b9kn1.fsf@wheatstone.g10code.de>
Hello,
find below the full text of a new blog entry by me. If you have
questions or want to comment, please group reply to this mail.
Shalom-Salam,
Werner
1 Financial Results for 2015
============================
Having prepared the annual accounts for g10^code GmbH, the legal
entity employing some of the GnuPG hackers, I can now share a
financial report. Please read on if you are interested in how well
the donation campaign last year worked and how we spend your money.
1.1 Balance Sheet as of 2015-12-31
----------------------------------
Let us start by looking at the balance sheet, which describes our
financial status. The following table shows the actual [balance
sheet] with a few accounts pooled up. Note that for display purposes
all values have been rounded to a full Euro, and thus there are minor
mismatches in the Sums.
----------------------------------------------------------------
                              Asset   (2014)  Liability   (2014)
----------------------------------------------------------------
Tangible assets                3880    (791)
Stock of goods                    0    (122)
Cash balance                    360    (469)
Bank balance KSD             207453  (34522)
PayPal and others balance      3842    (711)
Accounts receivable            4774      (0)
Accounts receivable other       497  (18408)
Common capital stock                              25000  (25000)
Loss carried forward              0  (23019)
Profit carried forward                            11338      (0)
Net profit                                       115350  (34357)
Shareholder loans                                     0  (10000)
Accounts payable                                      0   (3510)
Accounts payable other                            27974      (0)
GnuPG development fund                               72     (72)
Provision for taxes                               41070   (5103)
----------------------------------------------------------------
Sums                         220804  (78042)   (220804)  (78042)
----------------------------------------------------------------
The /Bank balance KSD/ is the money that we had at the end of the year
in our accounts at the local savings bank. The /PayPal/ row gives the
amount of money in the PayPal account and in a Gandi prepaid account.
/Accounts receivable/ are mostly outstanding demands from the Linux
Foundation for work done in December.
From the /Common capital stock/ of 25000 Euro 50% are held by Walter
Koch and 50% by Werner Koch, the owners of g10^code. The /Net profit/
gained in 2014 was back then used to make up for the /Loss carried
forward/ in 2014 and the remaining 11000 Euro are set as /Profit
carried forward/ to 2015.
The major part of the /Accounts payable other/ is due to my profit
sharing bonus. The /GnuPG development fund/ is the rest of a campaign
which collected prize money for the GnuPG logo.
[balance sheet] file:data/g10code-bilanz-2015-pub.pdf
1.2 Profit and Loss from 2015-01-01 to 2015-12-31
-------------------------------------------------
Now let us see how much money we earned and how we spent it. The
following table shows the actual [profit and loss sheet] with a few
accounts pooled up. As above, the values have again been rounded to
the nearest Euro.
------------------------------------------------------------
                            Debit   (2014)   Credit   (2014)
------------------------------------------------------------
Revenues                                      57251  (80435)
Revenues from donations                      283538      (0)
Revenues other                                  218    (163)
Salaries                   108719  (31800)
Social insurance            18060      (0)
Contractors                 33165      (0)
Write-offs                   1532   (1656)
Connectivity and hosting     2012   (2874)
Rents                        2681   (2653)
Interest expenses             550      (0)
Travel expenses              3499   (1014)
Other expenses               5169   (6244)
Donations                    5100      (1)
Taxes                       45171      (0)
Net profit                 115350  (34357)
------------------------------------------------------------
Sums                       341007  (80597)   341007  (80597)
------------------------------------------------------------
The /Revenues/ are mainly due to funding from the Linux Foundation for
60,000 USD (54,000 EUR). The /Revenues from donations/ are mainly
made up of 100,000 USD from Stripe and Facebook (89,000 EUR), 113,000
EUR received via PayPal, and 80,000 EUR via Stripe (credit cards).
Note that in 2014 we posted all donations to the /Revenues/ account
and not to a separate donations account.
As with almost all software companies, the majority of expenses are
staff costs (we've hired three programmers). Not counting taxes,
which are due to the annual profit, we have total costs of 180,000 EUR
with 160,000 spent on /Salaries/, /Social insurance/, and
/Contractors/. My share is 47,400 EUR regular salary of which I need
to pay social insurances myself plus a profit sharing bonus of 25000
EUR. That bonus is exceptionally high due to the huge net profit that
we made in 2015; it is very unlikely that a bonus will be due this or
next year.
The /Rents/ are for the room used as an office in my house. The
/Interest/ was paid for a loan that I gave to g10^code in 2012 and
which was redeemed in 2015. /Other expenses/ sums up money spent for
magazines, power, office supplies, advertising, conference fees, legal
costs, etc.
Having received a lot of donations I considered it to be fair to put
some money (5100 EUR) to support [Netzpolitik.org], [FSFE],
[Kindernothilfe], [Freundeskreis für Flüchtlinge in Erkrath],
[Wikimedia], and [OpenMusicContest].
Because g10^code GmbH is still not tax exempted we will need to pay
about 45,000 /Taxes/ in 2015 on the 115,000 Euro of /Net profit/. Due
to the net loss that we expect for 2016, a tax refund can be expected
in 2017.
[profit and loss sheet] file:data/g10code-bilanz-2015-pub.pdf
[Netzpolitik.org] https://netzpolitik.org
[FSFE] https://fsfe.org
[Kindernothilfe] https://www.kindernothilfe.de
[Freundeskreis für Flüchtlinge in Erkrath]
http://www.freundeskreis-fluechtlinge-erkrath.de/
[Wikimedia] https://wikimedia.de
[OpenMusicContest] https://openmusiccontest.org
1.3 Planning 2016 and 2017
--------------------------
Along with the paid projects we are currently working on, the two
large donations that we are expecting (from Facebook and Stripe), the
Linux Foundation grant, and a small stream of individual donations,
g10^code will be able to operate with its current staff until the end
of 2017. Obviously, we need a longer term plan. Things are a bit
delayed, because the original plan to turn g10^code into a charitable
company did not work out and we need to look into other options
before starting a new campaign.
--
Thoughts are free. Exceptions are regulated by a federal law.
From Alexander.Strobel at giepa.de Thu Apr 21 14:24:50 2016
From: Alexander.Strobel at giepa.de (Alexander Strobel)
Date: Thu, 21 Apr 2016 14:24:50 +0200
Subject: gpgme-sharp API missing
In-Reply-To: <5718149E.4090703@sixdemonbag.org>
References: <5718149E.4090703@sixdemonbag.org>
Message-ID: <5718C692.9090204@giepa.de>
On 21.04.2016 at 01:45, Robert J. Hansen wrote:
> On https://wiki.gnupg.org/APIs , gpgme-sharp is listed as being in alpha
> status for .NET. Unfortunately, the link is dead and there's no sign of
> where it's moved to. For a while it was hosted on GitHub, but
> apparently no more.
>
> If anyone has a copy of the gpgme-sharp source code I'd be happy to host
> it on my own GitHub account. But either way, the link on the wiki needs
> to be either updated or removed.
I don't have a copy of it but I know that it was in the 3rd Party section of
the "Outlook Privacy Plugin" git repo of dejavusecurity:
https://github.com/dejavusecurity/OutlookPrivacyPlugin
It was removed from the repo on May 27th, 2015.
Hope this helps
Alex Strobel
www.gpg4o.com
From rjh at sixdemonbag.org Thu Apr 21 16:05:18 2016
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 21 Apr 2016 10:05:18 -0400
Subject: gpgme-sharp API missing
In-Reply-To: <874mavb08v.fsf@wheatstone.g10code.de>
References: <5718149E.4090703@sixdemonbag.org>
<874mavb08v.fsf@wheatstone.g10code.de>
Message-ID: <4753aa9c-0bab-bd35-2361-eb30a7f25df3@sixdemonbag.org>
> Do you know whether this is a working implementation and whether it is
> stand-alone API or a binding for GPGME? In the latter case it should go
> into GPGME proper.
I haven't looked at it in a few years. My recollection is that it was a
barely-working GPGME binding.
From dashohoxha at gmail.com Fri Apr 22 17:38:42 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Fri, 22 Apr 2016 17:38:42 +0200
Subject: EasyGnuPG v0.9
Message-ID:
Hi,
I have made another release of EasyGnuPG.
Things that have changed since the last time that I posted here are:
- Small fixes and improvements (some of which were suggested here).
- Finished automated testing scripts [1].
- Bash autocompletion [2].
- Making the egpg key-ring the default one [3].
- Splitting the key into partial keys and using a dongle [4].
Any comments or feedback is welcome. Actually I would prefer the task tool
of GitHub [5] for reporting bugs and feature requests, but either way is Ok.
I would like some help on these issues (if somebody can help):
- How to use `egpg` properly with mutt, alpine, etc.
- I think that it should be possible to customize Linux desktops (LXDE,
XFCE, GNOME, KDE, etc.) to add key-combinations (shortcuts) or
context-menus, to run some command on a selected file. This could be useful
for the commands `egpg seal`, `egpg open`, `egpg sign`, `egpg verify`, etc.
But I have no idea how to do this.
- Write a script/command that automates the process of copying a key to a
smartcard [6]. I could have tried it myself but I don't have any smartcards.
Regards,
Dashamir
[1]: https://github.com/dashohoxha/egpg/tree/master/tests
[2]: https://github.com/dashohoxha/egpg/blob/master/src/bash-completion.sh
[3]: https://github.com/dashohoxha/egpg/wiki/default-gnupghome
[4]: https://github.com/dashohoxha/egpg/wiki/split-key
[5]: https://github.com/dashohoxha/egpg/issues
[6]: https://github.com/dashohoxha/egpg/issues/10
From daniel at hillsdalecorp.com Sun Apr 24 18:51:36 2016
From: daniel at hillsdalecorp.com (Daniel H. Werner)
Date: Sun, 24 Apr 2016 09:51:36 -0700
Subject: Help needed
Message-ID:
Colleagues,
I need some help.
I downloaded GPGTools on my Mac laptop (I have not done it on my Mac desktop yet as I want to be sure I know what I am doing!!!) and did the Install.
I Imported my existing keys.
And I have several questions/problems:
1) When I open a new email message window, I see a green box in the upper right hand corner which is labeled “OpenPGP”. Is that right?
2) Should I be able to toggle GPG on and off;
3) I composed a short Test message to send to myself. In order to Encrypt it, I selected the text, went to Services and selected Encrypt. That gave me the encrypted code in a new window. It seemed to me that I then had to select that text, copy and then paste it into the new message. There has to be a simpler way to perform these functions? What are they?
4) My existing keys were created (in 2009 in PGP) at 2048 length. Should I change them to 4096? If so, how?
5) Even if I do not Encrypt the outgoing message, I get a window asking for my Passphrase. In the older PGP version, I had the option to cache the Passphrase so I did not have to enter it every time. How do I simplify this function?
In advance, Thank You everyone for your help.
Daniel
_______________________________
Daniel H. Werner
Portland, OR 97202 USA
(503) 709-0950
Confidentiality Notice: The information contained in this e-mail is confidential and for the intended recipient(s) alone. It may contain privileged and confidential information and is covered by Non-Disclosure Agreements. If you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, please notify us immediately. Thank You.
_______________________________
Daniel H. Werner,
President
Hillsdale Corporation
9 Oregon Yacht Club
Portland, OR 97202 USA
www.hillsdalecorp.com
Cell: (503) 709-0950
From dashohoxha at gmail.com Sun Apr 24 19:16:24 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Sun, 24 Apr 2016 19:16:24 +0200
Subject: Help needed
In-Reply-To:
References:
Message-ID:
On Sun, Apr 24, 2016 at 6:51 PM, Daniel H. Werner
wrote:
>
> 4) My existing keys were created (in 2009 in PGP) at 2048 length. Should
> I change them to 4096? If so, how?
>
I think that 2048 is still OK.
But if you decide to upgrade, you can find some good advice here:
https://johnlane.ie/i-have-a-new-gnupg-key.html
From peter at digitalbrains.com Sun Apr 24 19:59:51 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 24 Apr 2016 19:59:51 +0200
Subject: Help needed
In-Reply-To:
References:
Message-ID: <571D0997.1060005@digitalbrains.com>
On 24/04/16 19:16, Dashamir Hoxha wrote:
> I think that 2048 is still OK.
Yes; it is also the current default, so no need to upgrade the key.
> But if you decide to upgrade, you can find some good advice here:
> https://johnlane.ie/i-have-a-new-gnupg-key.html
I consider "stick to the defaults" better advice. That website makes it
all rather complicated.
As for the OP's other questions, I can't answer them very well because I
don't know MacOS, but I can give you advice: could you please indicate
what software you are using? What mail client, what other GnuPG-related
software? You say you compose a mail, and you select Services from
somewhere. This seems /really/ little to go on if we don't know in what
program you compose a mail and where this Services comes from (it might
be that same mail application, I don't know).
FWIW, no, with a good e-mail plugin you don't have to copy-paste
anything to different windows. That's not a nice interface at all.
And when you are asked for your password, that is not because you are
/encrypting/, you never need a password to encrypt. It's asking for your
password because you are /signing/, I think. And the time to cache a
passphrase is set with the option default-cache-ttl in the file
gpg-agent.conf in your GnuPG home directory (I don't know where that is
on MacOS, it could just be ~/.gnupg), as follows:
default-cache-ttl 3600
The argument is in seconds. The default is 10 minutes, so if you are
asked for your passphrase within 10 minutes, I expect something didn't
install properly...
I hope someone who actually uses MacOS can help you further with
specific advice.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
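Added example (not part of the message above or of GnuPG): a shell check that reads a gpg-agent.conf and reports the idle cache time set by default-cache-ttl next to max-cache-ttl, which bounds it. The function names and sample files are constructed; 600 and 7200 seconds are gpg-agent's documented defaults, and taking the last occurrence of a repeated option is an assumption.

```shell
#!/bin/sh
# Added example: report the passphrase cache lifetime a gpg-agent.conf requests.
# 600 and 7200 seconds are gpg-agent's documented defaults for
# default-cache-ttl and max-cache-ttl.

# conf_value FILE OPTION DEFAULT
# Print the numeric argument of OPTION in FILE, or DEFAULT when the file is
# unreadable or the option is not set. Comment lines (#) are skipped. If the
# option is repeated this script takes the last one (an assumption).
conf_value() {
    [ -r "$1" ] || { echo "$3"; return 0; }
    awk -v opt="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        $1 == opt && $2 ~ /^[0-9]+$/ { val = $2 }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# cache_report FILE
# Print "idle=<seconds> max=<seconds> status=<ok|capped>".
# "capped" means default-cache-ttl is larger than max-cache-ttl, so an entry
# expires at max-cache-ttl no matter how recently it was used.
cache_report() {
    idle=$(conf_value "$1" default-cache-ttl 600)
    max=$(conf_value "$1" max-cache-ttl 7200)
    if [ "$idle" -gt "$max" ]; then status=capped; else status=ok; fi
    echo "idle=$idle max=$max status=$status"
}

# Constructed sample files (not taken from any real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

cat > "$sample_dir/one-hour.conf" <<'EOF'
# the setting from the message above
#default-cache-ttl 30
default-cache-ttl 3600
EOF

cat > "$sample_dir/capped.conf" <<'EOF'
default-cache-ttl 86400
EOF

# missing.conf is deliberately not created: the defaults apply.
for f in one-hour.conf capped.conf missing.conf; do
    printf '%-14s %s\n' "$f" "$(cache_report "$sample_dir/$f")"
done
```

gpg-agent reads its configuration at start-up; `gpgconf --reload gpg-agent` makes a running agent re-read it.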
From paolo.bolzoni.brown at gmail.com Sun Apr 24 20:01:37 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Sun, 24 Apr 2016 20:01:37 +0200
Subject: Help needed
In-Reply-To:
References:
Message-ID:
You are strongly advised to read the gpg frequently asked questions,
here is the link:
https://www.gnupg.org/faq/gnupg-faq.html
Here is a particularly relevant question:
https://www.gnupg.org/faq/gnupg-faq.html#please_use_ecc
On Sun, Apr 24, 2016 at 7:16 PM, Dashamir Hoxha wrote:
> On Sun, Apr 24, 2016 at 6:51 PM, Daniel H. Werner
> wrote:
>>
>> 4) My existing keys were created (in 2009 in PGP) at 2048 length. Should
>> I change them to 4096? If so, how?
>
>
> I think that 2048 is still OK.
> But if you decide to upgrade, you can find some good advice here:
> https://johnlane.ie/i-have-a-new-gnupg-key.html
From free10pro at gmail.com Sun Apr 24 19:18:49 2016
From: free10pro at gmail.com (Paul R. Ramer)
Date: Sun, 24 Apr 2016 10:18:49 -0700
Subject: Help needed
In-Reply-To:
References:
Message-ID: <571CFFF9.1090106@gmail.com>
On 04/24/2016 09:51 AM, Daniel H. Werner wrote:
> I downloaded GPGTools on my Mac laptop (I have not done it on my Mac desktop yet
> as I want to be sure I know what I am doing!!!) and did the Install.
> I Imported my existing keys.
> And I have several questions/problems:
First off, I can't answer all of your questions, because I am not
familiar with GPGTools. But I have provided answers to some of your
questions.
> 1) When I open a new email message window, I see a green box in the upper right
> hand corner which is labeled “OpenPGP”. Is that right?
Yes, it is. If you visit https://gpgtools.org/ and scroll to the bottom
of the page, you will see slides that you can click through. One of
them shows a screenshot of this.
> 2) Should I be able to toggle GPG on and off;
I believe so. The slide that I referred to above says that you can
click the lock button (it is a button with a glyph in the form of a
lock) to encrypt your email to the recipient.
> 3) I composed a short Test message to send to myself. In order to Encrypt it, I
> selected the text, went to Services and selected Encrypt. That gave me the
> encrypted code in a new window. It seemed to me that I then had to select that
> text, copy and then paste it into the new message. There has to be a simpler
> way to perform these functions? What are they?
I believe you are supposed to click the lock button I mentioned above.
Please see the section of the website that I referred to earlier.
> 4) My existing keys were created (in 2009 in PGP) at 2048 length. Should I
> change them to 4096? If so, how?
No, that is not necessary. Do know that many people have *strong*
opinions about key length that are based on little empirical fact. [1] See
the GnuPG FAQ topic about this. [2]
> 5) Even if I do not Encrypt the outgoing message, I get a window asking for my
> Passphrase. In the older PGP version, I had the option to cache the Passphrase
> so I did not have to enter it every time. How do I simplify this function?
I am sorry. I don't know the answer to this question.
Hope that helps,
-Paul
[1] I apologize to the list if I have opened that horrendous can of
worms again by answering this question.
[2] https://gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096
From me at jojoob.de Sun Apr 24 19:14:10 2016
From: me at jojoob.de (Johannes Burk)
Date: Sun, 24 Apr 2016 19:14:10 +0200
Subject: Help needed
In-Reply-To:
References:
Message-ID:
> 1) When I open a new email message window, I see a green box in the upper right hand corner which is labeled “OpenPGP”. Is that right?
> 2) Should I be able to toggle GPG on and off;
Yes, the green box in the upper right of the new message window indicates that the GPGTools are integrated into Mail app.
In addition there are two buttons on the right in the subject row. The left one (open/closed lock) indicates if the mail is going to be encrypted and the other one if the message will be signed.
> 3) I composed a short Test message to send to myself. In order to Encrypt it, I selected the text, went to Services and selected Encrypt. That gave me the encrypted code in a new window. It seemed to me that I then had to select that text, copy and then paste it into the new message. There has to be a simpler way to perform these functions? What are they?
It should not be necessary to encrypt the message manually as you described. If you compose a message to a recipient for which you have a trusted key in your keychain the message should automatically become encrypted, indicated by the button described above.
> 5) Even if I do not Encrypt the outgoing message, I get a window asking for my Passphrase. In the older PGP version, I had the option to cache the Passphrase so I did not have to enter it every time. How do I simplify this function?
By default GPGTools signs all outgoing messages. Therefore GPG asks for your password because it needs your private key to sign the message.
From vallir63 at gmail.com Sun Apr 24 20:40:21 2016
From: vallir63 at gmail.com (MuthuSankaraNarayanan Valliammal)
Date: Sun, 24 Apr 2016 20:40:21 +0200
Subject: Help needed
In-Reply-To:
References:
Message-ID:
I have this problem. I am writing an application in Android for the GNUPG.
For that I want to add the commands in the Android package itself. Do
I need to install the Guardian GNUPG and then call the commands from my
application, or am I able to call the gnupg application with the library
in my application itself, so that I can integrate the gnupg?
This is for an Android application.
thanks,
regards,
MVS
On Sun, Apr 24, 2016 at 7:14 PM, Johannes Burk wrote:
>
> > 1) When I open a new email message window, I see a green box in the
> upper right hand corner which is labeled “OpenPGP”. Is that right?
> > 2) Should I be able to toggle GPG on and off;
>
> Yes, the green box in the upper right of the new message window indicates
> that the GPGTools are integrated into Mail app.
> In addition there are two buttons on the right in the subject row. The left
> one (open/closed lock) indicates if the mail is going to be encrypted and
> the other one if the message will be signed.
>
> > 3) I composed a short Test message to send to myself. In order to
> Encrypt it, I selected the text, went to Services and selected Encrypt.
> That gave me the encrypted code in a new window. It seemed to me that I
> then had to select that text, copy and then paste it into the new message.
> There has to be a simpler way to perform these functions? What are they?
>
> It should not be necessary to encrypt the message manually as you
> described. If you compose a message to a recipient for which you have a
> trusted key in your keychain the message should automatically become
> encrypted, indicated by the button described above.
>
> > 5) Even if I do not Encrypt the outgoing message, I get a window asking
> for my Passphrase. In the older PGP version, I had the option to cache the
> Passphrase so I did not have to enter it every time. How do I simplify this
> function?
>
> By default GPGTools signs all outgoing messages. Therefore GPG asks for
> your password because it needs your private key to sign the message.
From peter at digitalbrains.com Sun Apr 24 20:49:11 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Sun, 24 Apr 2016 20:49:11 +0200
Subject: Help needed
In-Reply-To:
References:
Message-ID: <571D1527.90205@digitalbrains.com>
On 24/04/16 20:40, MuthuSankaraNarayanan Valliammal wrote:
> I have this problem. I am writing an application in android for the
> GNUPG. for that I want to add the commands in the android package
> itself.
Could you please start a new thread instead of changing the subject of
this thread to something else entirely? Thanks!
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From vallir63 at gmail.com Sun Apr 24 12:49:18 2016
From: vallir63 at gmail.com (MuthuSankaraNarayanan Valliammal)
Date: Sun, 24 Apr 2016 12:49:18 +0200
Subject: Can I able to integrate GNUPG windows version directly with the
Android application
Message-ID:
Dear Sir,
Am I able to integrate the GNUPG Windows application directly in Android,
or do I need to use the GNUPG Android Guardian application and then set the
relevant paths,
then apply that for running?
Please let me know.
thanks ,
regards
MVS
From free10pro at gmail.com Sun Apr 24 22:19:27 2016
From: free10pro at gmail.com (Paul R. Ramer)
Date: Sun, 24 Apr 2016 13:19:27 -0700
Subject: Help needed
In-Reply-To: <571D0997.1060005@digitalbrains.com>
References:
<571D0997.1060005@digitalbrains.com>
Message-ID: <571D2A4F.3040700@gmail.com>
On 04/24/2016 10:59 AM, Peter Lebbing wrote:
> As for the OP's other questions, I can't answer them very well because I
> don't know MacOS, but I can give you advice: could you please indicate
> what software you are using? What mail client, what other GnuPG-related
> software? You say you compose a mail, and you select Services from
> somewhere. This seems /really/ little to go on if we don't know in what
> program you compose a mail and where this Services comes from (it might
> be that same mail application, I don't know).
He is using Apple's default client called "Mail". GPGTools provides a
plug-in for Mail.
What he means by Services is the Services menu. It can be accessed by a
right-click or by accessing Mac OS X's menu bar. Services is a cool
"Mac thing" that allows programs to integrate with each other (however,
there may be analogs in other systems that I am not thinking about). It
is kind of like plug-ins that you can access in any program.
For example in this case, the user could be using a GUI text editor. The
user highlights some text, chooses the encryption option from Services,
and gets ASCII armored text as an output. Using a web browser and
webmail, the user could do the same operation and get the same result.
It is not dependent on which program the Service menu is accessed from.
No switching between programs is required while doing this, nor having
to consciously run the program whose "services" are being used. You can
read more about it on Wikipedia. [1]
> FWIW, no, with a good e-mail plugin you don't have to copy-paste
> anything to different windows. That's not a nice interface at all.
Correct. He is just using it the hard way. ;-) This "First Steps"
tutorial should be the way to go. [2]
Cheers,
-Paul
[1] https://en.wikipedia.org/wiki/Services_menu
[2]
https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-mail
From antony at blazrsoft.com Sun Apr 24 22:22:01 2016
From: antony at blazrsoft.com (Antony Prince)
Date: Sun, 24 Apr 2016 16:22:01 -0400
Subject: Can I able to integrate GNUPG windows version directly with the
Android application
In-Reply-To:
References:
Message-ID: <571D2AE9.4000907@blazrsoft.com>
On 4/24/2016 6:49 AM, MuthuSankaraNarayanan Valliammal wrote:
> Dear Sir,
>
> Am I able to integrate the GNUPG Windows application directly in Android,
> or do I need to use the GNUPG Android Guardian application and then set the
> relevant paths,
> then apply that for running?.
>
Guardianproject has a port of gnupg to android[1] that might be of some
use to you.
[1] https://github.com/guardianproject/gnupg-for-android
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
URL:
http://pool.sks-keyservers.net/pks/lookup?op=get&search=0xAF3D4087301B1B19
From antony at blazrsoft.com Sun Apr 24 22:27:53 2016
From: antony at blazrsoft.com (Antony Prince)
Date: Sun, 24 Apr 2016 16:27:53 -0400
Subject: Can I able to integrate GNUPG windows version directly with the
Android application
In-Reply-To:
References:
Message-ID: <571D2C49.10002@blazrsoft.com>
On 4/24/2016 6:49 AM, MuthuSankaraNarayanan Valliammal wrote:
> Dear Sir,
>
> Am I able to integrate the GNUPG Windows application directly in Android,
> or do I need to use the GNUPG Android Guardian application and then set the
> relevant paths,
> then apply that for running?.
>
I just realized the project I linked was the exact one you were talking
about. :-) In this case though, I'd say there's no need to re-invent the
wheel. They've already got it ported to Android and if you can fit it to
your needs, then I'd go with that.
--
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659 C482 AF3D 4087 301B 1B19
URL:
http://pool.sks-keyservers.net/pks/lookup?op=get&search=0xAF3D4087301B1B19
From Alexander.Strobel at giepa.de Mon Apr 25 09:46:49 2016
From: Alexander.Strobel at giepa.de (Alexander Strobel)
Date: Mon, 25 Apr 2016 09:46:49 +0200
Subject: gpgme-sharp API missing
In-Reply-To: <5718149E.4090703@sixdemonbag.org>
References: <5718149E.4090703@sixdemonbag.org>
Message-ID: <571DCB69.80905@giepa.de>
Next try to send an email to the list. My last one did not show up here,
so sorry if I am double posting.
On 21.04.2016 at 01:45, Robert J. Hansen wrote:
> If anyone has a copy of the gpgme-sharp source code I'd be happy to host
> it on my own GitHub account. But either way, the link on the wiki needs
> to be either updated or removed.
I don't have a copy of it but I know that it was in the 3rd Party section of the
"Outlook Privacy Plugin" git repo of dejavusecurity:
It was removed from the repo on May 27th, 2015.
Best regards
Alex Strobel
www.gpg4o.com
From peter at digitalbrains.com Mon Apr 25 11:35:55 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 25 Apr 2016 11:35:55 +0200
Subject: (OT) gpgme-sharp API missing
In-Reply-To: <571DCB69.80905@giepa.de>
References: <5718149E.4090703@sixdemonbag.org> <571DCB69.80905@giepa.de>
Message-ID: <571DE4FB.4040807@digitalbrains.com>
On 25/04/16 09:46, Alexander Strobel wrote:
> Next try to send an email to the list. My last one did not show up here,
> so sorry if I am double posting.
The mail you sent Thu, 21 Apr 2016 14:24:50 +0200 showed up in my
mailbox at Thu, 21 Apr 2016 15:46:05 +0200. The mailing list always adds
a delay which can vary. Additionally, mails from non-members are
moderated by a variable-delay human.
But it did arrive. It's on the web archives as well[1]. No idea when it
showed up there :).
HTH,
Peter.
[1] https://lists.gnupg.org/pipermail/gnupg-users/2016-April/055805.html
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From peter at digitalbrains.com Mon Apr 25 11:36:58 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 25 Apr 2016 11:36:58 +0200
Subject: Help needed
In-Reply-To: <571D2A4F.3040700@gmail.com>
References:
<571D0997.1060005@digitalbrains.com> <571D2A4F.3040700@gmail.com>
Message-ID: <571DE53A.90306@digitalbrains.com>
On 24/04/16 22:19, Paul R. Ramer wrote:
> What he means by Services is the Services menu. It can be accessed by a
> right-click or by accessing Mac OS X's menu bar. Services is a cool
> "Mac thing" that allows programs to integrate with each other (however,
> there may be analogs in other systems that I am not thinking about). It
> is kind of like plug-ins that you can access in any program.
Ah, thanks for the clarification :).
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
From Alexander.Strobel at giepa.de Mon Apr 25 14:31:46 2016
From: Alexander.Strobel at giepa.de (Alexander Strobel)
Date: Mon, 25 Apr 2016 14:31:46 +0200
Subject: (OT) gpgme-sharp API missing
In-Reply-To: <571DE4FB.4040807@digitalbrains.com>
References: <5718149E.4090703@sixdemonbag.org> <571DCB69.80905@giepa.de>
<571DE4FB.4040807@digitalbrains.com>
Message-ID: <571E0E32.8010407@giepa.de>
On 25.04.2016 at 11:35, Peter Lebbing wrote:
> On 25/04/16 09:46, Alexander Strobel wrote:
>> Next try to send an email to the list. My last one did not show up here,
>> so sorry if I am double posting.
>
> The mail you sent Thu, 21 Apr 2016 14:24:50 +0200 showed up in my
> mailbox at Thu, 21 Apr 2016 15:46:05 +0200. The mailing list always adds
> a delay which can vary. Additionally, mails from non-members are
> moderated by a variable-delay human.
>
> But it did arrive. It's on the web archives as well[1]. No idea when it
> showed up there :).
Thanks for the hint to look at the web archives.
Strangely enough, even until today it does not show up in my inbox...
Therefore I thought it wasn't delivered to the list.
Thank you for clarifying :)
Best regards
Alex Strobel
www.gpg4o.com
From dashohoxha at gmail.com Mon Apr 25 14:52:29 2016
From: dashohoxha at gmail.com (Dashamir Hoxha)
Date: Mon, 25 Apr 2016 14:52:29 +0200
Subject: Paper backup
Message-ID:
Hi,
I have added a feature to egpg to export the key and convert it to 3D barcode
images, included in a PDF file:
https://github.com/dashohoxha/egpg/blob/master/src/fn/qrencode.sh
This PDF file can be printed and used as a paper backup. It can be restored
with the help of a webcam and a barcode reader program (like zbar).
What do you think of paper backups, are they useful? I have seen some
advice that recommends them, and even claims that they are safer and
more durable/reliable than digital backups.
I think that lots of people are still familiar and comfortable with storing
and keeping hard-copy documents safe and secure (although we live in the
digital age).
It could also be nice to generate a PDF page that has the gpg key information
in the format of a business card: name, email, fingerprint (maybe in barcode
format as well). It can repeat several copies of the business card in the same
page (for example in 5 rows and 2 columns).
Any idea or advice on how to implement this? Maybe starting with a LaTeX
template and converting it to PDF? Or any simpler way?
Thanks,
Dashamir
From paolo.bolzoni.brown at gmail.com Mon Apr 25 15:06:50 2016
From: paolo.bolzoni.brown at gmail.com (Paolo Bolzoni)
Date: Mon, 25 Apr 2016 15:06:50 +0200
Subject: Paper backup
In-Reply-To:
References:
Message-ID:
I did something similar for the revocation certificate. I used LaTeX,
preparing this template for the students:
http://www.inf.unibz.it/dis/teaching/INFSEC/ex/revocation.tar.xz
I think paper backups are a good idea. For example, I keep mine with my
passport; if my passport (and so revocation certificate) gets stolen I
have bigger problems than someone revoking my key.
Besides, the QR encoding makes it easy to copy text, even long text, to
computers (with maximum redundancy you can store up to 3000 ASCII chars).
The only disadvantage I see is that some applications read the code in
unexpected ways. For example, instead of showing you the text they will
open random websites.
I tried to look around for a "standard" way to state that a QR
contains only plain text, but to no avail.
However, even if not standard, starting the text with "TEXT:" seems to
stop many apps from stupidly interpreting the text.
Honestly I don't really get this egpg for reasons we already
discussed, but LaTeX templates for sharing the key or keeping the
revocation information are indeed a good idea.
On Mon, Apr 25, 2016 at 2:52 PM, Dashamir Hoxha wrote:
> Hi,
>
> I have added a feature to egpg to export the key and convert it to 3D barcode
> images, included in a PDF file:
> https://github.com/dashohoxha/egpg/blob/master/src/fn/qrencode.sh
> This PDF file can be printed and used as a paper backup. It can be restored
> with the help of a webcam and a barcode reader program (like zbar).
>
> What do you think of paper backups, are they useful? I have seen some
> advice that recommends them, and even claims that they are safer and
> more durable/reliable than digital backups.
> I think that lots of people are still familiar and comfortable with storing
> and keeping hard-copy documents safe and secure (although we live in the
> digital age).
>
> It could also be nice to generate a PDF page that has the gpg key information
> in the format of a business card: name, email, fingerprint (maybe in barcode
> format as well). It can repeat several copies of the business card in the same
> page (for example in 5 rows and 2 columns).
> Any idea or advice on how to implement this? Maybe starting with a LaTeX
> template and converting it to PDF? Or any simpler way?
>
> Thanks,
> Dashamir
>
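An added example, not part of either post above and not egpg's qrencode.sh: the paper-backup round trip from this thread, written in Python. It splits ASCII-armored text into one payload per QR code, each starting with the "TEXT:" prefix mentioned in the reply, and rebuilds it from scans taken in any order. The header layout (part number, total, SHA-256), the 800-character chunk size and the function names are assumptions made for this example; rendering and scanning the images is left to tools such as qrencode and zbar.

```python
import hashlib

PREFIX = "TEXT:"   # non-standard plain-text hint suggested in the reply above
CHUNK = 800        # assumed characters per code; tune to the QR size you print

# Constructed sample input, not a real key or certificate.
SAMPLE = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Comment: constructed sample, not a real key\n\n"
    + "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=\n" * 6
    + "-----END PGP PUBLIC KEY BLOCK-----\n"
)

def _sha(text):
    return hashlib.sha256(text.encode("ascii")).hexdigest()

def split_for_qr(armored, chunk=CHUNK):
    """Return one payload per QR code: TEXT:<n>/<total>:<sha256>:<part>."""
    digest = _sha(armored)
    parts = [armored[i:i + chunk] for i in range(0, len(armored), chunk)]
    return [f"{PREFIX}{n}/{len(parts)}:{digest}:{part}"
            for n, part in enumerate(parts, 1)]

def join_from_qr(payloads):
    """Rebuild the text from scanned payloads (any order, duplicates allowed)."""
    seen, ident = {}, None
    for raw in payloads:
        if not raw.startswith(PREFIX):
            raise ValueError("not a backup payload")
        # The armored part may itself contain ':', so split only twice.
        index, digest, part = raw[len(PREFIX):].split(":", 2)
        n, total = (int(x) for x in index.split("/"))
        if ident is None:
            ident = (digest, total)
        elif ident != (digest, total):
            raise ValueError("payload belongs to a different backup")
        seen[n] = part
    if ident is None:
        raise ValueError("no payloads scanned")
    digest, total = ident
    missing = [n for n in range(1, total + 1) if n not in seen]
    if missing:
        raise ValueError(f"missing parts: {missing}")
    text = "".join(seen[n] for n in range(1, total + 1))
    if _sha(text) != digest:
        raise ValueError("checksum mismatch, rescan the sheet")
    return text

if __name__ == "__main__":
    codes = split_for_qr(SAMPLE, chunk=40)
    print(len(codes), "codes; restored:", join_from_qr(codes[::-1]) == SAMPLE)
```

The SHA-256 in each header catches scanning, ordering and missing-page errors only; it does not authenticate the sheet, so verify a restored key's fingerprint against a trusted copy.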
From 2014-667rhzu3dc-lists-groups at riseup.net Mon Apr 25 15:07:02 2016
From: 2014-667rhzu3dc-lists-groups at riseup.net (MFPA)
Date: Mon, 25 Apr 2016 14:07:02 +0100
Subject: (OT) gpgme-sharp API missing
In-Reply-To: <571E0E32.8010407@giepa.de>
References: <5718149E.4090703@sixdemonbag.org> <571DCB69.80905@giepa.de>
<571DE4FB.4040807@digitalbrains.com> <571E0E32.8010407@giepa.de>
Message-ID: <18410647619.20160425140702@riseup.net>
Hi
On Monday 25 April 2016 at 1:31:46 PM, in
, Alexander Strobel wrote:
> Strangely enough, even until today it does not show
> up in my inbox...
> Therefore I thought it wasn't delivered to the list.
If the same applies to all three of your messages, I suggest checking
your subscription options at
. You might have
the option to receive a copy of your own posts turned off.
--
Best regards
MFPA
I would like to help you out. Which way did you come in?
From peter at digitalbrains.com Mon Apr 25 15:11:12 2016
From: peter at digitalbrains.com (Peter Lebbing)
Date: Mon, 25 Apr 2016 15:11:12 +0200
Subject: Paper backup
In-Reply-To: